network layer
In the seven-layer OSI model of computer networking, the network layer is layer 3. The network
layer is responsible for packet forwarding including routing through intermediate routers.
The task of enabling data flow between two distinct networks falls to the network layer. The
network layer is not essential if the two communicating devices are on the same network.
On the sender’s device, the network layer breaks segments from the transport layer into smaller
units called packets, which are then reassembled on the receiving device. It does not just transmit
the packet: it also chooses the best path for the data from its source to its destination, a process
called routing.
It is one of the most important layers and plays a key role in data transmission. The main job
of this layer is to maintain the quality of the data and to transmit it from its source to its
destination. Several important protocols work at this layer.
In the network channel and communication channel, the network layer is in charge of managing
the network channel’s quickest routing path for the data packet. The network layer packages the
data that has been received for transmission, and it maintains the network traffic in the channel
by handling the network layer protocols.
Protocols used in the network layer are:
IP - Internet Protocol
IPsec - Internet Protocol Security
ICMP - Internet Control Message Protocol
IGMP - Internet Group Management Protocol
GRE - Generic Routing Encapsulation
1. Internet Protocol (IP)
Internet Protocol (IP) is the method or protocol by which data is sent from one computer to
another on the internet. Each computer on the internet, known as a host, has at least one IP
address that uniquely identifies it from all other computers on the internet.
IP is responsible for:
IP addressing. IP addressing conventions are part of the IP protocol. (Chapter 5, Planning Your
TCP/IP Network describes IPv4 addressing in detail and Chapter 14, Overview of IPv6 describes
IPv6 addressing in detail.)
Host-to-host communications. IP determines the path a packet must take, based on the
receiving host's IP address.
Packet formatting. IP assembles packets into units known as IP datagrams.
Datagrams are fully described in "Internet Layer".
Fragmentation. If a packet is too large for transmission over the network media,
IP on the sending host breaks the packet into smaller fragments. IP on the receiving host
then reconstructs the fragments into the original packet.
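The fragmentation step above, as an added example that is not part of the original page: a model of how IPv4 splits a payload using the Identification, Fragment Offset and More Fragments fields, and how a receiver rebuilds it. The payload, identifier and MTU are constructed, and refusing overlapping fragments is a hardening assumption of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    ident: int    # Identification field, shared by all fragments of a datagram
    offset: int   # Fragment Offset field, counted in 8-byte units
    more: bool    # More Fragments (MF) flag, clear only on the last fragment
    data: bytes

def fragment(ident, payload, mtu, header_len=20):
    """Sending host: split payload so header + data fits the link MTU."""
    # Non-final fragments must carry a multiple of 8 bytes of data.
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU leaves no room for data")
    return [Fragment(ident, start // 8, start + chunk < len(payload),
                     payload[start:start + chunk])
            for start in range(0, len(payload), chunk)]

def reassemble(frags):
    """Receiving host: rebuild the payload, refusing inconsistent sets."""
    if not frags or len({f.ident for f in frags}) != 1:
        raise ValueError("need fragments of exactly one datagram")
    ordered = sorted(frags, key=lambda f: f.offset)
    if ordered[-1].more:
        raise ValueError("final fragment missing")
    out = bytearray()
    for f in ordered:
        start = f.offset * 8
        if start < len(out):
            raise ValueError("overlapping fragment")   # hardening assumption
        if start > len(out):
            raise ValueError("gap: a fragment is missing")
        if f.more and len(f.data) % 8:
            raise ValueError("non-final fragment not a multiple of 8 bytes")
        out += f.data
    return bytes(out)

if __name__ == "__main__":
    payload = bytes(range(250)) * 16          # constructed 4000-byte payload
    frags = fragment(0x1A2B, payload, mtu=1500)
    print([(f.offset, f.more, len(f.data)) for f in frags])
    print(reassemble(frags[::-1]) == payload)  # arrival order does not matter
```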
Some commonly used network protocols are:
Transmission Control Protocol (TCP) enables the flow of data across IP address
connections.
User Datagram Protocol (UDP) provides a way to transfer low-latency process
communication and is widely used on the internet for DNS lookup and voice over
Internet Protocol.
File Transfer Protocol (FTP) is a specification that is purpose-built for accessing,
managing, loading, copying and deleting files across connected IP hosts.
Hypertext Transfer Protocol (HTTP) is the specification that enables the modern web.
HTTP enables websites and web browsers to view content. It typically runs over port 80.
Hypertext Transfer Protocol Secure (HTTPS) is HTTP that runs with encryption via
Secure Sockets Layer or Transport Layer Security. HTTPS typically is served over port
443.
Most of these protocols are found in the application layer.
2. Internet Control Message Protocol (ICMP)
Internet Control Message Protocol is known as ICMP. The protocol operates at the network layer.
It is mostly used on network equipment such as routers, for error handling at the network layer.
Since there are various kinds of network layer faults, ICMP can be used to report and
troubleshoot these errors. It is used for reporting errors and for management queries. It is a
supporting protocol, used by network devices like routers to send error messages and
operational information, for example that a requested service is not available or that a host or
router could not be reached.
ICMP is also used for network diagnostics, specifically the traceroute and ping terminal utilities,
in the following ways:
Traceroute. The traceroute utility is used to display the physical routing path between
two internet devices communicating with each other. It maps out the journey from one
router to another (each step is sometimes called a hop) and provides information on how
long it took for data to get from source to destination. Using traceroute to diagnose network
problems can help administrators locate the source of a network delay.
Ping. The ping utility is a simpler traceroute. It sends out pings, also referred to as
ICMP echo request messages, and then measures the amount of time it takes the
message to reach its destination and return to the source host. The replies are called
echo reply messages. Ping commands are useful for gathering latency information about
a specific device. Unlike traceroute, ping doesn't provide picture maps of the routing
layout.
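The echo request and echo reply exchange that ping relies on, as an added example that is not part of the original page: it builds both messages, computes the Internet checksum, and pairs a reply with its request. The identifier, sequence number and payload are constructed values, and no packets are sent.

```python
import struct

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}

def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """Build an echo request (type 8) or echo reply (type 0)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse(msg):
    """Decode an ICMP message and verify its checksum."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": ICMP_TYPES.get(icmp_type, f"type {icmp_type}"),
            "code": code,
            "id": ident, "seq": seq,      # meaningful for echo messages only
            "payload": msg[8:],
            # A message with a correct checksum sums to zero.
            "checksum_ok": checksum(msg) == 0}

def matches(request, reply):
    """Pair a reply with its request by identifier, sequence and payload."""
    q, r = parse(request), parse(reply)
    return (q["type"] == "echo request" and r["type"] == "echo reply"
            and r["checksum_ok"]
            and (q["id"], q["seq"], q["payload"])
                == (r["id"], r["seq"], r["payload"]))

if __name__ == "__main__":
    req = build_echo(8, 0x1234, 1, b"constructed-payload")
    rep = build_echo(0, 0x1234, 1, b"constructed-payload")
    print(parse(req)["type"], parse(rep)["type"], matches(req, rep))
```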
3. IPsec (Internet Protocol Security)
IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data
transmitted over the internet or any public network. The Internet Engineering Task Force, or
IETF, developed the IPsec protocols in the mid-1990s to provide security at the IP layer through
authentication and encryption of IP network packets.
IPsec is important because it helps keep data safe and secure when it is sent over the Internet or
any network. It protects the data through data encryption and provides data integrity. It is
often used in Virtual Private Networks (VPNs) to create secure, private connections, and in this
way IPsec protects against cyber attacks.
Protocols used in IPsec are:
Encapsulating Security Payload (ESP): It provides data integrity, encryption,
authentication, and anti-replay. It also provides authentication for the payload.
Authentication Header (AH): It also provides data integrity, authentication, and
anti-replay, but it does not provide encryption. The anti-replay protection protects against the
unauthorized transmission of packets. It does not protect data confidentiality.
Internet Key Exchange (IKE): It is a network security protocol designed to dynamically
exchange encryption keys and to establish a Security Association (SA) between two
devices. The Security Association (SA) establishes shared security attributes between two
network entities to support secure communication. The Internet Security Association and
Key Management Protocol (ISAKMP) provides a framework for authentication
and key exchange. ISAKMP defines how Security Associations (SAs) are set up and
how direct connections between two hosts use IPsec. Internet Key Exchange (IKE)
provides message content protection and also an open framework for implementing standard
algorithms such as SHA and MD5. The algorithms IPsec uses produce a unique
identifier for each packet. This identifier then allows a device to determine whether a
packet is correct or not. Packets that are not authorized are discarded and not
given to the receiver.
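The per-packet identifier and the anti-replay protection described above, as an added example that is not part of the original page: a simplified, integrity-only model of the receive-side checks for one Security Association. The key, SPI and payloads are constructed, encryption is left out, and the 64-packet window and HMAC-SHA-256 truncated to 128 bits are choices made for this example.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # integrity check value: HMAC-SHA-256 truncated to 128 bits

def protect(key, spi, seq, payload):
    """Sender: SPI | sequence number | payload | ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    """Receive-side checks for one SA: replay window first, then ICV."""
    WINDOW = 64

    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0       # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (top - i) already accepted

    def accept(self, packet):
        """Return the payload, or None if the packet must be discarded."""
        if len(packet) < 8 + ICV_LEN:
            return None
        spi, seq = struct.unpack("!II", packet[:8])
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        if spi != self.spi or seq == 0:
            return None
        if seq <= self.top:
            age = self.top - seq
            if age >= self.WINDOW or (self.bitmap >> age) & 1:
                return None                     # too old, or a replay
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None                         # modified or forged
        # Only an authenticated packet is allowed to move the window.
        if seq > self.top:
            mask = (1 << self.WINDOW) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return body[8:]

if __name__ == "__main__":
    key = b"k" * 32                             # constructed key
    rx = Receiver(key, spi=0x1001)
    pkt = protect(key, 0x1001, 1, b"hello")
    print(rx.accept(pkt), rx.accept(pkt))       # second copy is a replay
```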
IPsec in cloud security
As organizations migrate to cloud services, IPsec plays a critical role in securing data as it moves
between local infrastructure and cloud providers. Many cloud vendors support IPsec-based VPNs
to create secure, encrypted tunnels that safeguard data from unauthorized access during transit.
This layer of security aligns with compliance mandates, such as GDPR, that require
organizations to protect data, particularly when it traverses public networks.
4. Internet Group Management Protocol (IGMP)
IGMP is a communication protocol used by hosts and adjacent routers for multicast communication
on IP networks; it uses resources efficiently to transmit the message/data packets.
Multicast communication can have single or multiple senders and receivers and thus, IGMP can
be used in streaming videos, gaming, or web conferencing tools. This protocol is used on IPv4
networks; on IPv6, multicasting is managed by Multicast Listener Discovery
(MLD).
The multicast group uses three fundamental types of messages to communicate:
Query: A message sent from the querier (multicast router or switch) asking for a response
from each host belonging to the multicast group. If a multicast router supporting IGMP is
not present, the switch must assume this function to elicit group membership information
from the hosts on the network.
Join: A message sent by a host to the querier to indicate that the host wants to be or is a
member of a given group indicated in the join message.
Leave group: A message sent by a host to the querier to indicate that the host has ceased
to be a member of a specific multicast group.
The IP protocol supports two types of communication:
Unicasting: It is a communication between one sender and one receiver. Therefore, we
can say that it is one-to-one communication.
Multicasting: Sometimes the sender wants to send the same message to a large number of
receivers simultaneously. This process is known as multicasting, which is one-to-many
communication.
5. Generic Routing Encapsulation (GRE)
GRE is a method of encapsulating an IP packet in a GRE header, which hides the original IP packet.
A new header, named the delivery header, is also added above the GRE header; it contains the new
source and destination addresses.
The GRE header acts as a new IP header, with the delivery header containing the new source and
destination addresses. Only routers between which GRE is configured can decrypt and encrypt the
GRE header.
Generic Routing Encapsulation (GRE) offers numerous advantages for network management and
optimization. Here are some key benefits:
Flexibility: Supports multiple network layer protocols.
Scalability: Facilitates the expansion of network infrastructure.
Compatibility: Integrates seamlessly with various network architectures.
Security: Enables secure data transmission over IP networks.
Efficiency: Reduces overhead by encapsulating packets efficiently.
Essential components in GRE
Endpoint Configuration: Set up the IP addresses for the tunnel endpoints.
Tunnel Interface: Create and configure the virtual tunnel interface.
Routing Protocols: Integrate routing protocols to manage data flow.
Security Measures: Implement security protocols to protect data.
Testing and Validation: Conduct tests to ensure the tunnel operates correctly.
Configuring and implementing Generic Routing Encapsulation (GRE) involves several key steps
to ensure efficient and secure data transmission: set up the IP addresses for the tunnel
endpoints, create and configure the virtual tunnel interface, integrate routing protocols to
manage data flow, implement security protocols to protect data, and conduct tests to ensure the
tunnel operates correctly.
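The GRE encapsulation described in this section, as an added example that is not part of the original page: it builds and parses the GRE header with its optional key and sequence fields. The GRE header format has no encryption field, so the inner packet appears unchanged inside the tunnel packet, which is what the "implement security protocols" step has to cover. The delivery IP header is omitted, and the inner packet bytes, key and sequence number are constructed.

```python
import struct

C_BIT, K_BIT, S_BIT, VERSION_MASK = 0x8000, 0x2000, 0x1000, 0x0007

def gre_encapsulate(inner, proto=0x0800, key=None, seq=None):
    """Prepend a GRE header; proto 0x0800 marks an IPv4 payload."""
    flags = (K_BIT if key is not None else 0) | (S_BIT if seq is not None else 0)
    header = struct.pack("!HH", flags, proto)
    if key is not None:
        header += struct.pack("!I", key)
    if seq is not None:
        header += struct.pack("!I", seq)
    return header + inner

def gre_decapsulate(packet):
    """Parse the GRE header and return its fields plus the inner packet."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte base GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & VERSION_MASK:
        raise ValueError("unsupported GRE version")
    pos, fields = 4, {"proto": proto, "key": None, "seq": None}
    # Optional 4-byte words follow in fixed order: checksum, key, sequence.
    for bit, name in ((C_BIT, "checksum"), (K_BIT, "key"), (S_BIT, "seq")):
        if flags & bit:
            if len(packet) < pos + 4:
                raise ValueError(f"truncated {name} field")
            (word,) = struct.unpack("!I", packet[pos:pos + 4])
            # The checksum word is 16 bits of checksum plus 16 reserved bits;
            # it is extracted here but not verified.
            fields[name] = word >> 16 if name == "checksum" else word
            pos += 4
    fields["inner"] = packet[pos:]
    return fields

if __name__ == "__main__":
    inner = b"constructed inner IPv4 packet bytes"
    tunnel = gre_encapsulate(inner, key=42, seq=7)
    print(gre_decapsulate(tunnel))
    print(inner in tunnel)   # True: the inner packet travels in cleartext
```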