
Module-3-Notes

The document provides an overview of the network layer in the TCP/IP protocol suite, detailing its responsibilities such as packetizing, routing, and forwarding. It explains the concepts of packet switching, including the datagram and virtual circuit approaches, as well as the structure and significance of IPv4 addresses. Additionally, it discusses addressing strategies like classful and classless addressing, along with techniques to mitigate address depletion through subnetting and supernetting.

Uploaded by

Aditya Kamath

COMPUTER NETWORKS

BCS502
MODULE 3

Dr. Soumya J Bhat


Dept. of CSE
SMVITM, Bantakal

Textbook: 1. Behrouz A. Forouzan, Data Communications and Networking, 5th
Edition, Tata McGraw Hill, 2013.

Introduction to Network Layer


The network layer in the TCP/IP protocol suite provides services to the transport
layer and receives services from the data-link layer.
Figure 18.1 shows the communication between Alice and Bob at the network layer.
The figure shows that the Internet is made of many networks (or links) connected
through the connecting devices. As the figure shows, the network layer is involved at
the source host, destination host, and all routers in the path (R2, R4, R5, and R7). At
the source host (Alice), the network layer accepts a packet from a transport layer,
encapsulates the packet in a datagram, and delivers the packet to the data-link layer.
At the destination host (Bob), the datagram is decapsulated, and the packet is
extracted and delivered to the corresponding transport layer.
Duties (tasks) of network layer:
1. Packetizing
The first duty of the network layer is packetizing i.e., encapsulating the payload (data
received from upper layer) in a network-layer packet at the source and decapsulating
the payload from the network-layer packet at the destination.
The source host receives the payload from an upper-layer protocol, adds a header
that contains the source and destination addresses and some other information that
is required by the network-layer protocol (as discussed later) and delivers the packet
to the data-link layer. The source is not allowed to change the content of the payload.
The destination host receives the network-layer packet from its data-link layer,
decapsulates the packet, and delivers the payload to the corresponding upper-layer
protocol.
If the packet is fragmented at the source or at routers along the path, the network
layer is responsible for waiting until all fragments arrive, reassembling them, and
delivering them to the upper-layer protocol.
The routers in the path are not allowed to decapsulate the packets they received
unless the packets need to be fragmented. The routers are not allowed to change
source and destination addresses either. They just inspect the addresses for the
purpose of forwarding the packet to the next network on the path. However, if a
packet is fragmented, the header needs to be copied to all fragments and some
changes are needed at the router.

2. Routing and Forwarding


Other duties of the network layer are routing and forwarding.
A physical network is a combination of networks (LANs and WANs) and routers that
connect them. Normally there is more than one route from the source to the
destination. The network layer is responsible for finding the best one among these
possible routes and routing the packet from its source to the destination. The
network layer needs to have some specific strategies for defining the best route. In
the Internet today, this is done by running some routing protocols.

Forwarding
Forwarding is the action done by each router when a packet arrives at one of its
interfaces.
The decision-making table a router uses for this action is called the forwarding table
or the routing table.
When a router receives a packet from one of the attached networks, it needs to send
the packet to another attached network. To decide where the packet should be sent,
it should know the destination address. The destination address is available in the
packet header. The router reads the address from the packet header, checks in the
routing table for the corresponding output interface number and sends the packet.

In the figure above, if B is the destination address, the packet is sent through interface 2.
Other services expected from network layer:
1. Error Control
The network layer adds a checksum field to the datagram to control corruption
only in the header, not in the whole datagram. This checksum lets the receiver
detect changes or corruption in the header of the datagram. Error checking for
data is not included because the packet in the network layer may be
fragmented at each router, which makes error checking at this layer inefficient.

2. Flow Control
If the source produces data at a higher rate than the capacity of the receiver,
the receiver will not be able to handle the data. To control the flow of data,
the receiver needs to send some feedback to the sender. Flow control is the
mechanism of regulating the amount of data a source can send without
burdening the receiver.
The network layer in the Internet, however, does not directly provide any flow
control.
Reasons: (a) Flow control is provided in the upper layer, so flow control at another
level is not necessary. (b) Receivers can use buffers to store extra packets, and
in that case flow control will not be required. (c) Since there is no error control
in this layer, the job of this layer is simple at the receiver side. Hence, there is
less chance of packets piling up. They normally get processed fast.

3. Congestion Control
Congestion is a situation where too many packets are present in the
network. Congestion occurs when the number of packets in the network is
more than the network capacity. If the congestion continues, sometimes
the system collapses and no datagrams are delivered. We discuss
congestion control at the network layer later in the chapter although it is
not implemented in the Internet.

4. Quality of Service
The quality of service provided for various applications in the network is
very important. However, this is implemented in upper layers.

5. Security:
Security is another major concern especially in the Internet. In the initial
design, network layer had no security provisions. To provide security for a
connectionless network layer, we need to have another virtual level that
changes the connectionless service to a connection-oriented service. This
virtual layer is called IPSec.

18.2 PACKET SWITCHING


Although in data communication switching techniques are divided into two broad
categories, circuit switching and packet switching, only packet switching is used at
the network layer because the unit of data at this layer is a packet. Circuit switching
is mostly used at the physical layer.
At the network layer, a message from the upper layer is divided into manageable
packets and each packet is sent through the network.
The source of the message sends the packets one by one; the destination of the
message receives the packets one by one.
The destination waits for all packets belonging to the same message to arrive before
delivering the message to the upper layer.
The connecting devices in a packet-switched network need to decide how to route
(send) the packets to the final destination.
A packet-switched network can use two different approaches to route (send) the
packets: the datagram approach and the virtual circuit approach.

Datagram Approach: Connectionless Service


The datagram approach is a connectionless service in which the network-layer protocol
treats each packet independently, with each packet having no relationship to any other
packet. The idea was that the network layer is only responsible for delivery of packets
from the source to the destination.
In this approach, the packets in a message may or may not travel the same path to
their destination. There is no relationship between packets belonging to the same
message.

Each packet is routed based on the information contained in its header: source and
destination addresses. The router in this case routes the packet based on the
forwarding table.
Virtual-Circuit Approach: Connection-Oriented Service
Here, there is a relationship between all packets belonging to a message.
Before all datagrams in a message can be sent, a virtual connection should be set
up to define the path for the datagrams.
After connection setup, the datagrams can all follow the same path.
To create a connection-oriented service, a three-phase process is used: setup, data
transfer, and teardown.
Setup Phase:
In the setup phase, a router creates a virtual connection between source and
destination.
To create a connection, two packets need to be exchanged between the sender and
the receiver: the request packet and the acknowledgment packet.
A request packet is sent from the source to the destination. This packet carries the
source and destination addresses.

1. Source A sends a request packet to router R1.


2. Router R1 receives the request packet. It knows that a packet going from A to B
goes out through port 3. The router assigns the incoming port (1) and chooses an
available incoming label (14) and the outgoing port (3). It does not yet know the
outgoing label, which will be found during the acknowledgment step. The router then
forwards the packet through port 3 to router R3.
3. Router R3 receives the setup request packet. The same events happen here as at
router R1; three columns of the table are completed: in this case, incoming port (1),
incoming label (66), and outgoing port (3).
4. Router R4 receives the setup request packet. Again, three columns are
completed: incoming port (1), incoming label (22), and outgoing port (4).
5. Destination B receives the setup packet, and if it is ready to receive packets from
A, it assigns a label to the incoming packets that come from A, in this case 77.
Acknowledgment Packet:
A special packet, called the acknowledgment packet, completes the entries in the
switching tables.
1. The destination sends an acknowledgment to router R4. The acknowledgment
carries the global source and destination addresses so the router knows which entry
in the table is to be completed. The packet also carries label 77, chosen by the
destination as the incoming label for packets from A. Router R4 uses this label to
complete the outgoing label column for this entry. Note that 77 is the incoming label
for destination B, but the outgoing label for router R4.
2. Router R4 sends an acknowledgment to router R3 that contains its incoming label
in the table, chosen in the setup phase. Router R3 uses this as the outgoing label in
the table.
3. Router R3 sends an acknowledgment to router R1 that contains its incoming label
in the table, chosen in the setup phase. Router R1 uses this as the outgoing label in
the table.
4. Finally, router R1 sends an acknowledgment to source A that contains its
incoming label in the table, chosen in the setup phase.
5. The source uses this as the outgoing label for the data packets to be sent to
destination B.

Data-Transfer Phase
The second phase is called the data-transfer phase. After all routers have created
their forwarding table, the network-layer packets belonging to one message can be
sent one after another.
The source computer uses the label 14, which it has received from router R1 in the
setup phase. Router R1 forwards the packet to router R3, but changes the label to
66. Router R3 forwards the packet to router R4, but changes the label to 22. Finally,
router R4 delivers the packet to its final destination with the label 77. All the packets
in the message follow the same sequence of labels, and the packets arrive in order
at the destination.
Teardown Phase
In the teardown phase, source A, after sending all packets to B, sends a special
packet called a teardown packet. Destination B responds with a confirmation packet.
All routers delete the corresponding entries from their tables.

18.4 IPV4 ADDRESSES


An IP address is used to identify the connection of each device to the Internet.
An IPv4 address is a 32-bit address that uniquely and universally defines the
connection of a host or a router to the Internet.
The IP address is the address of the connection, not the host or the router, because
if the device is moved to another network, the IP address may be changed.
IPv4 addresses are unique in the sense that each address defines one, and only
one, connection to the Internet.
18.4.1 Address Space
An address space is the total number of addresses used by the protocol.
If a protocol uses b bits to define an address, the address space is 2^b because each
bit can have two different values (0 or 1).
IPv4 uses 32-bit addresses, which means that the address space is 2^32 or
4,294,967,296 (more than four billion).
If there were no restrictions, more than 4 billion devices could be connected to the
Internet.
Notation
There are three common notations to show an IPv4 address: binary notation (base
2), dotted-decimal notation (base 256), and hexadecimal notation (base 16).

Hierarchy in Addressing
(In a postal network, the postal address includes the country, state, city, street, house
number, and the name of the mail recipient. This is hierarchical addressing)
A 32-bit IPv4 address is also hierarchical.
The address is divided into two parts.
The first part of the address, called the prefix, defines the network; the second part of
the address, called the suffix, defines the node.
A prefix can be fixed length or variable length. The network identifier in the IPv4 was
first designed as a fixed-length prefix. This scheme, which is now obsolete, is
referred to as classful addressing. The new scheme, which is referred to as classless
addressing, uses a variable-length network prefix.
18.4.2 Classful Addressing
Here, the address space is divided into five classes (class A, B, C, D, and E).
In class A, the network length is 8 bits. If the first bit is 0, it indicates class A. The
other 7 bits are used as the network identifier. This means there are 2^7 = 128 networks in
the world that can have a class A address.
In class B, the network length is 16 bits, but since the first two bits, which are (10)₂,
define the class, we can have only 14 bits as the network identifier. This means there
are only 2^14 = 16,384 networks in the world that can have a class B address.
All addresses that start with (110)₂ belong to class C. In class C, the network length
is 24 bits, but since three bits define the class, we can have only 21 bits as the
network identifier. This means there are 2^21 = 2,097,152 networks in the world that
can have a class C address.
All addresses that start with 1110 in binary belong to class D and 1111 in binary
belong to class E. Class D is not divided into prefix and suffix. It is used for multicast
addresses. Class E is not divided into prefix and suffix and is used as reserve.
Advantage of Classful Addressing - we can easily find the class of the address and,
since the prefix length for each class is fixed, we can find the prefix length
immediately.

Address Depletion
The reason that classful addressing has become obsolete is address depletion.
Since the addresses were not distributed properly, the Internet was faced with the
problem of the addresses being rapidly used up, resulting in no more addresses
available for organizations and individuals that needed to be connected to the
Internet.
Subnetting and Supernetting
To alleviate address depletion, two strategies were proposed: subnetting and
supernetting.
Subnetting is a technique used in computer networking to divide a large network into
smaller sub-networks, also known as subnets. This is done to optimize network
performance. Each subnet has its own unique network address, which is used to
identify and route data within that particular subnet.
In subnetting, a portion of the host bits in an IP address is used to create a network
ID, leaving the remaining bits to identify the host within that network.

Supernetting is the procedure to combine small networks into larger spaces. In
subnetting, the number of network address bits is increased. On the other hand, in
supernetting, the number of host address bits is increased.
Subnetting and supernetting in classful addressing did not really solve the address
depletion problem.
18.4.3 Classless Addressing
With the growth of the Internet, a larger address space was needed as a long-term
solution. A short-term solution called classless addressing was introduced.
In classless addressing, the whole address space is divided into variable length
blocks. The prefix in an address defines the block (network); the suffix defines the
node (device).
Unlike classful addressing, the prefix length in classless addressing is variable. We
can have a prefix length that ranges from 0 to 32. The size of the network is
inversely proportional to the length of the prefix. A small prefix means a larger
network; a large prefix means a smaller network.
Prefix Length: Slash Notation
How do we find the prefix length when an address is given? In this case, the prefix
length, n, is added to the address, separated by a slash. The notation is informally
referred to as slash notation and formally as classless interdomain routing, or CIDR
(pronounced cider), strategy.
Example: 192.0.2.0/24
Since IPv4 addresses are 32 bits long, this means that 24 bits are
used to specify a network ID, leaving 8 bits to identify a host. So, the 192.0.2.0/24
network goes from 192.0.2.0 through 192.0.2.255.

Given any address, how to find the number of addresses, the first address in the
block, and the last address?
To find the first address, we keep the n leftmost bits and set the (32 − n) rightmost
bits all to 0s. To find the last address, we keep the n leftmost bits and set the (32 − n)
rightmost bits all to 1s.
The number of addresses in the block is found as N = 2^(32 − n).

Example 18.1
A classless address is given as 167.199.170.82/27.

The number of addresses in the network is 2^(32 − n) = 2^5 = 32 addresses.


Another method using Address Mask:
The address mask is a 32-bit number in which the n leftmost bits are set to 1s and
the rest of the bits (32 − n) are set to 0s.
1. The number of addresses in the block N = NOT (mask) + 1.
2. The first address in the block = (Any address in the block) AND (mask).
3. The last address in the block = (Any address in the block) OR [NOT (mask)].

Example 18.2
We repeat Example 18.1 using the mask. The mask in dotted-decimal notation is
256.256.256.224.
(11111111.11111111.11111111.11100000)
Number of addresses in the block: N = NOT (mask) + 1 = 0.0.0.31 + 1 = 32 addresses
First address: First = (address) AND (mask) = 167.199.170.82
Last address: Last = (address) OR (NOT mask) = 167.199.170.255

Network Address
The network address is actually the identifier of the network; each network is
identified by its network address.
The network address is important because it is used in routing a packet to its
destination network.
When a packet arrives at the router from any source host, the router needs to know
to which network the packet should be sent and from which interface the packet
should be sent out.
After the network address has been found, the router consults its forwarding table to
find the corresponding interface from which the packet should be sent out.
Block Allocation:
How are the blocks allocated? The ultimate responsibility of block allocation is given
to a global authority called the Internet Corporation for Assigned Names and
Numbers (ICANN). It assigns a large block of addresses to an ISP.
Two restrictions need to be applied to the allocated block.
1. The number of requested addresses, N, needs to be a power of 2.
2. The requested block needs to be allocated where there is an adequate
number of contiguous addresses available in the address space. The first
address needs to be divisible by the number of addresses in the block.

Example 18.4 An ISP has requested a block of 1000 addresses. Since 1000
is not a power of 2, 1024 addresses are granted. The prefix length is
calculated as n = 32 − log2(1024) = 22. An available block, 18.14.12.0/22, is
granted to the ISP.

Subnetting
An organization (or an ISP) that is granted a range of addresses may divide
the range into several subranges and assign each subrange to a subnetwork
(or subnet). A subnetwork can be divided into several sub-subnetworks. A
sub-subnetwork can be divided into several sub-sub-subnetworks, and so on.

Designing Subnets
We assume the total number of addresses granted to the organization is N,
the prefix length is n, the assigned number of addresses to each subnetwork
is N_sub, and the prefix length for each subnetwork is n_sub. Then the following
steps need to be carefully followed to guarantee the proper operation of the
subnetworks.

❑ The number of addresses in each subnetwork should be a power of 2.
❑ The prefix length for each subnetwork should be found using the following
formula: n_sub = 32 − log2(N_sub)
❑ The starting address in each subnetwork should be divisible by the number
of addresses in that subnetwork.

Finding Information about Each Subnetwork


Example 18.5 An organization is granted a block of addresses with the
beginning address 14.24.74.0/24. The organization needs to have 3
subblocks of addresses to use in its three subnets: one subblock of 10
addresses, one subblock of 60 addresses, and one subblock of 120
addresses. Design the subblocks.

Solution: There are 2^(32 − 24) = 256 addresses in this block. The first address is
14.24.74.0/24; the last address is 14.24.74.255/24.

If we add all addresses in the previous subblocks, the result is 208 addresses,
which means 48 addresses are left in reserve.
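
The three design rules can be applied mechanically to the request in Example 18.5. The following is an added example, not taken from the notes or the textbook: it rounds each request up to a power of 2, assigns the largest subblock first so every starting address stays divisible by its size, and uses the mask method for the first and last address. Function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def round_up_to_power_of_two(n):
    size = 1
    while size < n:
        size <<= 1
    return size


def design_subblocks(block, requests):
    """Return (plan, reserve) for the requested subblock sizes inside `block`."""
    net = ipaddress.ip_network(block)
    cursor = int(net.network_address)
    block_end = cursor + net.num_addresses
    plan = []
    # Largest request first keeps each starting address divisible by its size.
    for wanted in sorted(requests, reverse=True):
        size = round_up_to_power_of_two(wanted)            # N_sub, a power of 2
        n_sub = 32 - (size.bit_length() - 1)               # n_sub = 32 - log2(N_sub)
        mask = (ALL_ONES << (32 - n_sub)) & ALL_ONES
        start = -(-cursor // size) * size                  # align up to a multiple of N_sub
        if start + size > block_end:
            raise ValueError(f"no room left for a subblock of {size} addresses")
        first = start & mask                               # (address) AND (mask)
        last = start | (~mask & ALL_ONES)                  # (address) OR (NOT mask)
        plan.append({
            "wanted": wanted,
            "size": size,
            "prefix": f"{ipaddress.IPv4Address(first)}/{n_sub}",
            "first": str(ipaddress.IPv4Address(first)),
            "last": str(ipaddress.IPv4Address(last)),
        })
        cursor = start + size
    reserve = net.num_addresses - sum(entry["size"] for entry in plan)
    return plan, reserve


if __name__ == "__main__":
    plan, reserve = design_subblocks("14.24.74.0/24", [10, 60, 120])
    for entry in plan:
        print(entry)
    print("reserve:", reserve)
```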

Address Aggregation - blocks of addresses are combined to create a larger block.

Example 18.6
Figure 18.24 shows how four small blocks of addresses are assigned to four
organizations by an ISP. The ISP combines these four blocks into one single
block and advertises the larger block to the rest of the world. Any packet
destined for this larger block should be sent to this ISP. It is the responsibility
of the ISP to forward the packet to the appropriate organization.

Special Addresses
There are five special addresses that are used for special purposes: this-host address,
limited-broadcast address, loopback address, private addresses, and
multicast addresses.

This-host Address
0.0.0.0/32 is called the this-host address. It is used whenever a host needs to
send an IP datagram but it does not know its own address to use as the
source address.

Limited-broadcast Address - The only address in the block
255.255.255.255/32 is called the limited-broadcast address. It is used
whenever a router or a host needs to send a datagram to all devices in a
network.

Loopback Address
The block 127.0.0.0/8 is called the loopback address. A packet with one of the
addresses in this block as the destination address never leaves the host; it will
remain in the host. Any address in the block is used to test a piece of software
in the machine.
Private Addresses - Four blocks are assigned as private addresses:
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16. They are for
private internets.

Multicast Addresses - The block 224.0.0.0/4 is reserved for multicast
addresses. Multicast is one to many. It is used to send packets intended to
be multicast for a designated network service.

[The main difference between broadcast and multicast is that during the
broadcast, the packet is sent to all of the hosts that are connected to the
network, but during the multicast, the packet is sent only to the hosts that are
supposed to receive it as the intended receivers.]

18.4.4 Dynamic Host Configuration Protocol (DHCP)


An ISP can receive a block of addresses directly from ICANN.
Organizations can receive a block of addresses from an ISP.
After a block of addresses is assigned to an organization, the network
administration can manually assign addresses to the individual hosts or
routers.
However, address assignment in an organization can be done automatically
using the Dynamic Host Configuration Protocol (DHCP).
In addition to its IP address, a computer also needs to know four pieces of
information: the computer address, the prefix, the address of a router, and the
IP address of a name server. DHCP can be used to provide these pieces of
information to the host.

DHCP Message Format:

The 64-byte option field has a dual purpose. It can carry either additional
information or some specific vendor information.
An option is composed of three fields: a 1-byte tag field, a 1-byte length field,
and a variable-length value field. There are several tag fields.
If the tag field is 53, the value field defines one of the 8 message types shown
in Figure 18.26.
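
The tag, length and value layout can be walked with a small parser. This is an added example, not part of the notes: the function names and sample bytes are constructed, the input is assumed to be the option field on its own, and tags 0 (pad) and 255 (end) are treated as single bytes with no length field, as RFC 2132 defines them.

```python
# Added illustration; function names and the sample bytes are constructed.

PAD, END, MESSAGE_TYPE = 0, 255, 53   # tags 0 and 255 are single bytes with no length

MESSAGE_TYPES = {                     # value of tag 53; 6 is written DHCPNAK in RFC 2132
    1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
    5: "DHCPACK", 6: "DHCPNACK", 7: "DHCPRELEASE", 8: "DHCPINFORM",
}

# Constructed 64-byte option field: message type 1, a parameter request list
# (tag 55) asking for options 1, 3 and 6, the end tag, then zero padding.
SAMPLE = bytes([53, 1, 1, 55, 3, 1, 3, 6, 255]).ljust(64, b"\x00")

# Constructed malformed field: tag 55 claims 200 value bytes, only 3 follow.
TRUNCATED = bytes([53, 1, 1, 55, 200, 1, 3, 6])


class OptionError(ValueError):
    """The option field is malformed."""


def parse_options(field):
    """Walk the tag/length/value triples and return {tag: value bytes}."""
    options = {}
    i = 0
    while i < len(field):
        tag = field[i]
        if tag == PAD:
            i += 1
            continue
        if tag == END:
            break
        if i + 1 >= len(field):
            raise OptionError(f"tag {tag} at offset {i} has no length byte")
        length = field[i + 1]
        value = field[i + 2 : i + 2 + length]
        if len(value) != length:
            # Never trust the length byte: it must fit inside the field.
            raise OptionError(f"tag {tag} claims {length} bytes, {len(value)} available")
        # A repeated tag is concatenated (long-option encoding, RFC 3396).
        options[tag] = options.get(tag, b"") + value
        i += 2 + length
    return options


def message_type(field):
    """Return the DHCP message type name carried in tag 53."""
    value = parse_options(field).get(MESSAGE_TYPE)
    if value is None:
        raise OptionError("no message-type option (tag 53)")
    if len(value) != 1 or value[0] not in MESSAGE_TYPES:
        raise OptionError(f"invalid message-type value {value.hex()}")
    return MESSAGE_TYPES[value[0]]


if __name__ == "__main__":
    print(message_type(SAMPLE), parse_options(SAMPLE))
```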

DHCP Operation:
Figure 18.27 shows a simple scenario.
1. The joining host creates a DHCPDISCOVER message. In this message, the
transactionID field is set to a random number, the source address is
set to 0.0.0.0 (“this host”), and the destination address is set to
255.255.255.255 (broadcast address). This message is encapsulated in a
UDP user datagram with the source port set to 68 and the destination port
set to 67. The reason is that the joining host knows neither its own address
nor the server address.
2. The DHCP server or servers (if more than one) respond with a
DHCPOFFER message that defines the offered IP address for the
joining host and the IP address of the server. The message also includes
the lease time for which the host can keep the IP address.
3. The joining host receives one or more offers and selects the best of them.
The joining host then sends a DHCPREQUEST message to the server
that has given the best offer.
4. Finally, the selected server responds with a DHCPACK message to the
client if the offered IP address is valid. If the server cannot keep its offer
(for example, if the address is offered to another host in between), the
server sends a DHCPNACK message and the client needs to repeat the
process.
[Figure: DHCP message exchange between client and server over time: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK]

Two Well-Known Ports:
DHCP uses two well-known ports (68 and 67).
The reason for using fixed port numbers is as follows: assume that a DHCP client and
one other client are both waiting to receive a response from their corresponding servers and
both have accidentally used the same temporary port number (56017, for example).
Both hosts receive the response message from the DHCP server and deliver the
message to their clients. The DHCP client processes the message; the other client is
totally confused by the strange message it has received. Using a well-known port number
prevents the problem.

Using FTP:
The server does not send all of the information that a client may need for joining the
network. In the DHCPACK message, the server defines the pathname of a file in
which the client can find complete information. The client can then use a file transfer
protocol to obtain the rest of the needed information.
Error Control:
To provide error control, DHCP uses two strategies. First, DHCP requires that UDP
use the checksum. Second, the DHCP client uses timers and a retransmission policy
if it does not receive the DHCP reply to a request.

Transition States:
When the DHCP client first starts, it is in the INIT state (initializing state). The client
broadcasts a discover message. When it receives an offer, the client goes to the
SELECTING state. After it selects an offer, it sends a request message and goes to
the REQUESTING state.
If an ACK arrives while the client is in this state, it goes to the BOUND state.
When the lease is 50 percent expired, the client tries to renew it by moving to the
RENEWING state.
If the lease is not renewed and the lease time is 75 percent expired, the client moves
to the REBINDING state.
If the server agrees with the lease (ACK message arrives), the client moves to the
BOUND state.
18.4.5 Network Address Translation (NAT)
For example, assume that in a small business with 20 computers the maximum
number of computers that access the Internet simultaneously is only 4. Most of the
computers are either doing some task that does not need Internet access or
communicating with each other. The business can use 20 (or 25) addresses from the
private block addresses (discussed before) for internal communication; five
addresses for universal communication can be assigned by the ISP.
Network Address Translation (NAT) is a technology that allows a site to use a set of
private addresses for internal communication and a set of global Internet addresses
for communication with the rest of the world. The site must have only one connection
to the global Internet through a NAT-capable router that runs NAT software.

As the figure shows, the private network uses private addresses. The rest of the
Internet sees only the NAT router with the address 200.24.5.8.
Address Translation
All of the outgoing packets go through the NAT router, which replaces the source
address in the packet with the global NAT address. All incoming packets also pass
through the NAT router, which replaces the destination address in the packet (the
NAT router global address) with the appropriate private address. For this, the NAT router
uses a translation table.

Using One IP Address


In its simplest form, a translation table has only two columns: the private address
and the external address (destination address of the packet). When the router
translates the source address of the outgoing packet, it also makes note of the
destination address, that is, where the packet is going. When the response comes back
from the destination, the router uses the source address of the packet (as the
external address) to find the private address of the packet.

Using a Pool of IP Addresses


The use of only one global address by the NAT router allows only one private-network
host to access a given external host. To remove this restriction, the NAT
router can use a pool of global addresses. For example, instead of using only one
global address (200.24.5.8), the NAT router can use four addresses (200.24.5.8,
200.24.5.9, 200.24.5.10, and 200.24.5.11). In this case, four private-network hosts
can communicate with the same external host at the same time. However, there are
still some drawbacks. No more than four connections can be made to the same
destination. No private-network host can access two external server programs (e.g.,
HTTP and TELNET) at the same time.
Using Both IP Addresses and Port Addresses
To allow a many-to-many relationship between private-network hosts and external
server programs, we need more information in the translation table.
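
The difference between the two-column table and a table that also records ports can be shown side by side. This is an added example, not part of the notes: the global address 200.24.5.8 is from the text, while the private and external addresses, the port numbers, the column layout of the port-based table and the class names are assumptions made for the illustration.

```python
# Added illustration. 200.24.5.8 is the NAT router's global address in the notes;
# all other addresses, ports and names are constructed.

GLOBAL_ADDRESS = "200.24.5.8"


class OneAddressNat:
    """Two-column translation table: external address -> private address."""

    def __init__(self):
        self.table = {}

    def outbound(self, private_addr, external_addr):
        owner = self.table.setdefault(external_addr, private_addr)
        if owner != private_addr:
            # A reply from external_addr could not be matched to one private host.
            raise RuntimeError(f"{external_addr} is already in use by {owner}")
        return GLOBAL_ADDRESS                      # new source address of the packet

    def inbound(self, external_addr):
        """Private destination for a reply, or None (no entry, packet is dropped)."""
        return self.table.get(external_addr)


class PortNat:
    """Table keyed on protocol, addresses and ports (assumed column layout)."""

    def __init__(self, first_port=50000):
        self.next_port = first_port
        self.out = {}    # (proto, private addr, private port, ext addr, ext port) -> global port
        self.back = {}   # (proto, ext addr, ext port, global port) -> (private addr, private port)

    def outbound(self, proto, private_addr, private_port, external_addr, external_port):
        key = (proto, private_addr, private_port, external_addr, external_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("no free global port")
            self.out[key] = self.next_port
            self.back[(proto, external_addr, external_port, self.next_port)] = (
                private_addr, private_port)
            self.next_port += 1
        return GLOBAL_ADDRESS, self.out[key]       # new source address and port

    def inbound(self, proto, external_addr, external_port, global_port):
        """Private (address, port) for a reply, or None when nothing matches."""
        return self.back.get((proto, external_addr, external_port, global_port))


if __name__ == "__main__":
    nat = PortNat()
    print(nat.outbound("TCP", "172.18.3.1", 1400, "25.8.3.2", 80))
    print(nat.outbound("TCP", "172.18.3.2", 1400, "25.8.3.2", 80))
    print(nat.inbound("TCP", "25.8.3.2", 80, 50001))
```

In both tables an incoming packet that matches no entry has no private destination, so only traffic that answers an outgoing packet reaches the private network.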

IPv4 Datagram

• VERSION: Version of the IP protocol (4 bits), which is 4 for IPv4.
• HLEN: IP header length (4 bits).
• Type of service: Low Delay, High Throughput, Reliability (8 bits).
• Total Length: Length of header + data (16 bits).
• Identification: Unique packet ID.
• Flags: Three flags of 1 bit each, in this order: reserved bit (must be zero), do-not-fragment
flag, more-fragments flag.
• Fragment Offset: Represents the number of data bytes ahead of the particular
fragment in the particular datagram.
• Time to live: Datagram's lifetime.
• Protocol: Name of the protocol to which the data is to be passed (8 bits).
• Header Checksum: 16-bit header checksum for checking errors in the datagram
header.
• Source IP address: 32-bit IP address of the sender.
• Destination IP address: 32-bit IP address of the receiver.
• Option: Optional information such as source route, record route.

22.2 THE IPv6 PROTOCOL


The most common version of the Internet Protocol currently in use, IPv4, will soon be
replaced by IPv6, a new version of the protocol.
Because so many connected devices are being used, the original IP address
scheme, known as IPv4, is running out of addresses.
The well-known IPv6 protocol is being used and deployed more often, especially in
mobile phone markets.
This new IP address version is being deployed to fulfil the need for more Internet
addresses. With a 128-bit address space, it allows 2^128 unique addresses.
Other changes implemented in the protocol, in addition to the change in address size and
format:
• Better header format
• New options to allow for additional functionalities
• Allowance for extension
• Support for resource allocation
• Support for more security

22.2.1 Packet Format


The IPv6 packet is shown in Figure 22.6. Each packet is composed of a base header
followed by the payload. The base header occupies 40 bytes, whereas payload can
be up to 65,535 bytes of information.
• Version. This 4-bit field identifies the IP version number. IPv6 carries a value of
6 in this field.
• Traffic class. The 8-bit traffic class field helps routers to handle the traffic based
on the priority of the packet. If congestion occurs on the router then packets
with the least priority will be discarded.
• Flow label. Between a source and destination, multiple flows may exist because
many processes might be running at the same time. The flow label field is used
by a source to label the packets belonging to the same flow in order to
request special handling by intermediate IPv6 routers.
• Payload length. The 2-byte payload length field tells routers about the amount
of information a particular packet contains in its payload excluding the header.
• Next header. The next header field indicates the type of extension header (if present)
immediately following the IPv6 header.
• Hop limit. It indicates the maximum number of intermediate nodes IPv6 packet
is allowed to travel. The contents of this field are decremented by one by each
router that forwards the datagram. If the hop limit count reaches zero, the
datagram is discarded.
• Source and destination addresses

Concept of Flow and Priority in IPv6:


• Between a source and destination, multiple flows may exist because many
processes might be running at the same time. The flow label field is used by a
source to label the packets belonging to the same flow in order to request
special handling by intermediate IPv6 routers.
A flow label can be used to support the transmission of real-time audio and video.
Real-time audio or video, particularly in digital form, requires resources such as high
bandwidth, large buffers, long processing time, and so on. A process can make a
reservation for these resources beforehand to guarantee that real-time data will not
be delayed due to a lack of resources.

A router has a flow label table. The table has an entry for each active flow label; each
entry defines the services required by the corresponding flow label. When the router
receives a packet, it consults its flow label table to find the corresponding entry for
the flow label value defined in the packet. It then provides the packet with the
services mentioned in the entry.

Fragmentation and Reassembly:


IPv6 datagrams can be fragmented only by the source, not by the routers; the
reassembly takes place at the destination.
In IPv6, the source can check the size of the packet and make the decision to
fragment the packet or not. When a router receives the packet, it can check the size
of the packet and drop it if the size is larger than allowed by the MTU of the network
ahead.

22.2.2 Extension Header

An IPv6 packet is made of a base header and some extension headers. The length
of the base header is fixed at 40 bytes. However, the base header can be followed
by up to six extension headers. These are hop-by-hop option, source routing,
fragmentation, authentication, encrypted security payload, and destination option.

Hop-by-Hop Option:
The hop-by-hop option is used when the source needs to pass information to all
routers visited by the datagram. It can be used to inform them about certain management,
debugging, or control functions, or about the size of the packet if it is more than
the usual 65,535 bytes.

Destination Option
The destination option is used when the source needs to pass information to the
destination only. Intermediate routers are not permitted access to this information.

Source Routing
Source routing is a method that allows the sender of a packet to specify the route
that the packet should take through the network.

Fragmentation
In IPv6, only the original source can fragment. A source must use a Path MTU
Discovery technique to find the smallest MTU supported by any network on the path.
The source then fragments using this knowledge.

Authentication
The authentication extension header has a dual purpose:
(a) It validates the message sender. This is needed so the receiver can be sure
that a message is from the genuine sender.
(b) It ensures the integrity of data. This is needed to check that the data is not
altered in transit by some hacker.

Encrypted Security Payload


The encrypted security payload (ESP) is an extension that provides
confidentiality and guards against eavesdropping.

Comparison of Options between IPv4 and IPv6


The following shows a quick comparison between the options used in IPv4
and the options used in IPv6 (as extension headers).
❑ The no-operation and end-of-option options in IPv4 are replaced by Pad1
and PadN options in IPv6.
❑ The record route option is not implemented in IPv6 because it was not
used.
❑ The timestamp option is not implemented because it was not used.
❑ The source route option is called the source route extension header in
IPv6.
❑ The fragmentation fields in the base header section of IPv4 have moved to
the fragmentation extension header in IPv6.
❑ The authentication extension header is new in IPv6.
❑ The encrypted security payload extension header is new in IPv6.

Unicast Routing

One of the important jobs of the network layer is to choose appropriate paths
for packets.
In an internet, the goal of the network layer is to deliver a datagram from its
source to its destination or destinations. If a datagram is destined for only one
destination (one-to-one delivery), we have unicast routing. If the datagram is
destined for several destinations (one-to-many delivery), we have multicast
routing.

20.1.1 General Idea – unicast routing


In unicast routing, a packet is routed, hop by hop, from its source to its
destination with the help of forwarding tables. There are several routes that a
packet can travel from the source to the destination; what must be
determined is which route the packet should take.

To find the best route, an internet can be modelled as a weighted graph
where each router is a node and each network between a pair of routers is an
edge with a cost.
If a weighted graph is used to represent a geographical area, the nodes can
be cities and the edges can be roads connecting the cities; the weights, in this
case, are distances between cities.

If there is no edge between the nodes, the cost is infinity.

20.1.2 Least-Cost Routing


One of the ways to interpret the best route from the source router to the
destination router is to find the least cost between the two.

The source router chooses a route to the destination router in such a way that
the total cost for the route is the least cost among all possible routes. In
Figure 20.1, the best route between A and E is A-B-E, with the cost of 6.

Least-Cost Trees
A least-cost tree is a tree with the source router as the root that spans the
whole graph (visits all other nodes) and in which the path between the root
and any other node is the shortest.
Properties of least cost tree:
1. The least-cost route from X to Y in X’s tree is the inverse of the least-cost
route from Y to X in Y’s tree; the cost in both directions is the same.
2. For example, in Figure 20.2, we can go from A to G in A’s tree using the
route (A → B → E → F → G). We can also go from A to E in A’s tree (A →
B → E) and then continue in E’s tree using the route (E → F → G). The
combination of the two routes in the second case is the same route as in
the first case. The cost in the first case is 9; the cost in the second case is
also 9 (6 + 3).

20.2 ROUTING ALGORITHMS

20.2.1 Distance-Vector Routing Using the Bellman-Ford Algorithm


How to build least-cost paths/trees?
We will show how we use the Bellman-Ford equation and the concept of distance
vectors to build least-cost paths for each node in distance-vector routing.

Bellman-Ford Equation
The heart of distance-vector routing is the famous Bellman-Ford equation.
This equation is used to find the least cost (shortest distance) between a source
node, x, and a destination node, y, through some intermediary nodes (a, b, c, . . .).

Dij is the shortest distance and cij is the cost between nodes i and j.

Figure 20.3 Graphical idea behind Bellman-Ford equation


Distance Vectors
Figure 20.4 shows the tree for node A in the internet in Figure 20.1 and the
corresponding distance vector.

A distance vector can represent least-cost paths in a least-cost tree. The question is
how each node in an internet originally creates the corresponding vector. Each node
in an internet, when it is booted, creates a very basic distance vector with the
minimum information the node can obtain from its neighbourhood. The node sends
some greeting messages and discovers the identity of the immediate neighbors and
the distance between itself and each neighbor. It then makes a simple distance
vector.
To improve these vectors, the nodes in the internet need to help each other by
exchanging information. After each node has created its vector, it sends a copy of
the vector to all its immediate neighbors. After a node receives a distance vector
from a neighbor, it updates its distance vector using the Bellman-Ford equation
(second case).

Distance-Vector Routing Algorithm
Refer to the lab program.

Count to Infinity
A problem with distance-vector routing is that any decrease in cost (good news)
propagates quickly, but any increase in cost (bad news) will propagate slowly. The
problem is referred to as count to infinity. It sometimes takes several updates before
the cost for a broken link is recorded as infinity by all routers.

One solution to instability is called split horizon. In this strategy, instead of flooding
the table through each interface, each node sends only part of its table through each
interface. If, according to its table, node B thinks that the optimum route to reach X is
via A, it does not need to advertise this piece of information to A; the information has
come from A (A already knows).

Poison Reverse
Using the split-horizon strategy has one drawback. Normally, the routing protocol
uses a timer, and if there is no news about a route, the node deletes the route from
its table. When a node B eliminates the route to X from its advertisement to A, node
A cannot guess whether this is due to the split-horizon strategy or because B has not
received any news about X recently. In the poison reverse strategy, B can still
advertise the value for X, but if the source of information is A, it can replace the
distance with infinity as a warning.
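The simulation below is an added example, not the lab program the notes refer to. It applies the Bellman-Ford update on a constructed three-node line X - A - B (the A, B, X roles of the split-horizon paragraph), breaks the A-X link, and counts the update rounds until both routers record X as unreachable under each strategy. Infinity is taken as 16, borrowing RIP's convention; synchronous rounds and the absence of timers are simplifications.

```python
INF = 16   # "infinity": assumption borrowed from RIP's hop limit


def build_links():
    """Constructed topology X - A - B, every link with cost 1."""
    return {"A": {"B": 1, "X": 1}, "B": {"A": 1}, "X": {"A": 1}}


def advertise(table, to_neighbor, mode):
    """Distance vector that a node sends to one particular neighbour."""
    vector = {}
    for dest, (cost, next_hop) in table.items():
        if next_hop == to_neighbor:
            if mode == "split_horizon":
                continue                 # do not tell the neighbour what it told us
            if mode == "poison_reverse":
                cost = INF               # tell it, but as unreachable
        vector[dest] = cost
    return vector


def step(links, tables, mode):
    """One synchronous round: all nodes advertise, then all nodes recompute."""
    nodes = list(tables)
    new_tables = {}
    for x in nodes:
        new = {x: (0, x)}
        for v, c_xv in links[x].items():
            for y, d_vy in advertise(tables[v], x, mode).items():
                if y == x:
                    continue
                # Bellman-Ford: cost to y via v = cost(x, v) + v's distance to y
                cost = min(INF, c_xv + d_vy)
                if cost < new.get(y, (INF, None))[0]:
                    new[y] = (cost, v)
        for y in nodes:
            new.setdefault(y, (INF, None))
        new_tables[x] = new
    return new_tables


def converge(links, mode):
    """Exchange vectors until no table changes."""
    tables = {n: {m: ((0, n) if m == n else (INF, None)) for m in links}
              for n in links}
    while True:
        new = step(links, tables, mode)
        if new == tables:
            return tables
        tables = new


def rounds_until_unreachable(mode):
    """Break link A-X and count rounds until A and B both record X as INF."""
    links = build_links()
    tables = converge(links, mode)
    del links["A"]["X"], links["X"]["A"]
    rounds = 0
    while any(tables[r]["X"][0] < INF for r in ("A", "B")) and rounds < 100:
        tables = step(links, tables, mode)
        rounds += 1
    return rounds


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(mode, rounds_until_unreachable(mode))
```

Without either strategy A and B keep raising each other's stale cost by one per exchange until it reaches 16; with split horizon or poison reverse B never feeds A its own route back, so the bad news settles in two rounds.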

20.2.2 Link-State Routing


In this algorithm the cost associated with an edge defines the state of the link. Links
with lower costs are preferred to links with higher costs; if the cost of a link is infinity,
it means that the link does not exist or has been broken.

Link-State Database (LSDB)


The collection of states for all links is called the link-state database (LSDB). There is
only one LSDB for the whole internet; each node needs to have a duplicate of it to be
able to create the least-cost tree. Figure 20.8 shows an example of an LSDB for the
graph in Figure 20.1.
How can we create this LSDB, which contains information about the whole internet? This can
be done by a process called flooding. Each node can collect and send information
about neighbor nodes to the entire network.

Each node creates the comprehensive LSDB as shown in Figure 20.9.

In the link-state routing algorithm, each router tells the whole internet what it knows
about its neighbors.

Formation of Least-Cost Trees


Using the shared LSDB, each node needs to run the famous Dijkstra Algorithm.

Figure 20.10 shows the formation of the least-cost tree for the graph in Figure 20.8
using Dijkstra’s algorithm.
1. Initialize the source node with value 0 and all other nodes with infinity.
2. Identify the non-coloured node with the least cost value. Change its colour. Change
its incoming lines to solid lines.
3. Identify the costs of its immediate neighbours. If a cost is lower than the existing
value, connect the neighbour through a dotted line and replace the value.
4. Repeat until all the nodes have changed colour.
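The steps above, run over a link-state database, look as follows. This is an added example, not code from the notes or the textbook: the LSDB is constructed so that it reproduces the costs quoted in the text (A-B-E = 6, A to G = 9, E to G = 3) and is not copied from Figure 20.8. It also checks that both ends of every link report the same cost before the database is trusted.

```python
import heapq

INF = float("inf")

# Constructed LSDB: each node's entry lists its neighbours and link costs.
LSDB = {
    "A": {"B": 2, "D": 3},
    "B": {"A": 2, "C": 5, "E": 4},
    "C": {"B": 5, "F": 4, "G": 3},
    "D": {"A": 3, "E": 5},
    "E": {"B": 4, "D": 5, "F": 2},
    "F": {"C": 4, "E": 2, "G": 1},
    "G": {"C": 3, "F": 1},
}


def lsdb_inconsistencies(lsdb):
    """Links whose two ends disagree on the cost, or whose cost is negative."""
    problems = []
    for u, neighbours in lsdb.items():
        for v, cost in neighbours.items():
            if cost < 0 or lsdb.get(v, {}).get(u) != cost:
                problems.append((u, v))
    return problems


def least_cost_tree(lsdb, root):
    """Dijkstra's algorithm; returns (cost to each node, parent in the tree)."""
    if lsdb_inconsistencies(lsdb):
        raise ValueError("LSDB is inconsistent")
    cost = {node: INF for node in lsdb}
    parent = {node: None for node in lsdb}
    cost[root] = 0
    coloured = set()                      # nodes whose cost is final
    heap = [(0, root)]
    while heap:
        c, u = heapq.heappop(heap)        # non-coloured node with least cost
        if u in coloured:
            continue
        coloured.add(u)
        for v, w in lsdb[u].items():      # relax the immediate neighbours
            if v not in coloured and c + w < cost[v]:
                cost[v] = c + w
                parent[v] = u
                heapq.heappush(heap, (cost[v], v))
    return cost, parent


def route(parent, dest):
    """Path from the tree's root to dest, read off the parent pointers."""
    path = []
    while dest is not None:
        path.append(dest)
        dest = parent[dest]
    return path[::-1]


def forwarding_table(lsdb, root):
    """destination -> (next hop, cost), derived from the least-cost tree."""
    cost, parent = least_cost_tree(lsdb, root)
    return {dest: (route(parent, dest)[1], cost[dest])
            for dest in lsdb if dest != root and cost[dest] < INF}


if __name__ == "__main__":
    print(forwarding_table(LSDB, "A"))
```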

20.2.3 Path-Vector Routing


Both link-state and distance-vector routing are based on the least-cost goal.
However, there are instances where this goal is not the priority. For example,
assume that there are some routers in the internet that a sender wants to prevent its
packets from going through. For example, a router may belong to an organization
that does not provide enough security or it may belong to a commercial rival of the
sender which might inspect the packets for obtaining information. Least-cost routing
does not prevent a packet from passing through these routers.

To respond to these demands, a third routing algorithm, called path-vector (PV)
routing, has been devised.

Spanning Trees
A source may apply several policies and can choose the route that meets its policy
best. One of the common policies is to use the minimum number of nodes to be visited.
Another common policy is to avoid some nodes as the middle node in a route.
Figure 20.11 shows a small internet with only five nodes. Each source has created
its own spanning tree that meets its policy.

Creation of Spanning Trees


When a node is booted, it creates a path vector based on the information it can
obtain about its immediate neighbour.
Figure 20.12 shows all of these path vectors.

Each node, after the creation of the initial path vector, sends it to all its immediate
neighbors. Each node, when it receives a path vector from a neighbor, updates its
path vector using an equation similar to the Bellman-Ford, but applying its own policy
instead of looking for the least cost.
Figure 20.13 shows the path vector of node C after two events.
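The update rule can be sketched as follows. This is an added example, not the textbook's algorithm verbatim: each node prefers the path with the fewest nodes, rejects any path that already contains itself, and rejects paths that use a node it wants to avoid as a middle node. The five-node ring and A's policy of avoiding B are constructed and are not taken from Figure 20.11.

```python
# Constructed five-node internet: a ring A - B - E - D - C - A.
LINKS = {
    "A": {"B", "C"},
    "B": {"A", "E"},
    "C": {"A", "D"},
    "D": {"C", "E"},
    "E": {"B", "D"},
}


def acceptable(node, candidate, avoid):
    """Apply the node's policy to a candidate path [node, ..., dest]."""
    if node in candidate[1:]:
        return False                     # our own name is in the path: a loop
    middle = candidate[1:-1]
    return not any(hop in avoid for hop in middle)


def better(candidate, current):
    """Policy 'minimum number of nodes visited'."""
    return current is None or len(candidate) < len(current)


def converge(links, policies):
    """Exchange path vectors in synchronous rounds until nothing changes.

    policies maps a node to the set of nodes it refuses to use as middle nodes.
    """
    vectors = {node: {node: [node]} for node in links}
    while True:
        new_vectors = {}
        for x in links:
            avoid = policies.get(x, set())
            vector = {x: [x]}
            for v in sorted(links[x]):
                # v advertises only the paths it has selected for itself
                for dest, path in vectors[v].items():
                    candidate = [x] + path
                    if dest == x or not acceptable(x, candidate, avoid):
                        continue
                    if better(candidate, vector.get(dest)):
                        vector[dest] = candidate
            new_vectors[x] = vector
        if new_vectors == vectors:
            return vectors
        vectors = new_vectors


def path(policies, source, dest):
    """Selected path from source to dest once the vectors have converged."""
    return converge(LINKS, policies)[source].get(dest)


if __name__ == "__main__":
    print("least nodes     :", path({}, "A", "E"))
    print("A avoids B      :", path({"A": {"B"}}, "A", "E"))
```

With no policy A reaches E through B; once A refuses B as a middle node it takes the longer path through C and D, while B remains reachable as a destination.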

20.3 UNICAST ROUTING PROTOCOLS


Three common protocols are used in the Internet: Routing Information Protocol (RIP),
based on the distance-vector algorithm, Open Shortest Path First (OSPF), based on
the link-state algorithm, and Border Gateway Protocol (BGP), based on the
path-vector algorithm.

20.3.1 Internet Structure


There are several backbones run by private communication companies that provide
global connectivity. These backbones are connected by some peering points that
allow connectivity between backbones. At a lower level, there are some provider
networks that use the backbones for global connectivity but provide services to
Internet customers.

Hierarchical Routing
The Internet today is made of a huge number of networks and routers that connect
them. It is obvious that routing in the Internet cannot be done using a single
protocol for two reasons: a scalability problem and an administrative issue.
The scalability problem means that the size of the forwarding tables becomes huge.
The administrative issue is that each administrator needs to have control in its
system.

Hierarchical routing means considering each ISP as an autonomous system (AS).


Each AS can run a routing protocol that meets its needs, but the global Internet runs
a global protocol to glue all ASs together. The routing protocol run in each AS is
referred to as intra-AS routing protocol, intradomain routing protocol, or interior
gateway protocol (IGP); the global routing protocol is referred to as inter-AS routing
protocol, interdomain routing protocol, or exterior gateway protocol (EGP). We can
have several intradomain routing protocols, and each AS is free to choose one, but it
should be clear that we should have only one interdomain protocol that handles
routing between these entities. Presently, the two common intradomain routing
protocols are RIP and OSPF; the only interdomain routing protocol is BGP.

Autonomous Systems
Each ISP is an autonomous system. Each AS is given an autonomous number
(ASN). The autonomous systems are categorized according to the way they are
connected to other ASs. We have stub ASs, multihomed ASs, and transient ASs.

Stub AS. A stub AS has only one connection to another AS. The data traffic can be
either initiated or terminated in a stub AS; the data cannot pass through it. A good
example of a stub AS is the customer network, which is either the source or the
destination.
Multihomed AS. A multihomed AS can have more than one connection to other ASs,
but it does not allow data traffic to pass through it. A good example of such an AS is
some of the customer ASs that may use the services of more than one provider
network, but their policy does not allow data to be passed through them.
Transient AS. A transient AS is connected to more than one other AS and also
allows the traffic to pass through. The provider networks and the backbone are good
examples of transient ASs.

AS2, AS3, and AS4 are stub autonomous systems; AS1 is a transient one.

20.3.2 Routing Information Protocol (RIP)


The Routing Information Protocol (RIP) is one of the most widely used intradomain
routing protocols based on the distance-vector routing algorithm.
Since a router in an AS needs to know how to forward a packet to different networks
(subnets) in an AS, RIP routers advertise the cost of reaching different networks. RIP
uses hop count as a routing metric to find the best path between the source
and the destination network.

A forwarding table in RIP is a three-column table in which the first column is the
address of the destination network, the second column is the address of the next
router to which the packet should be forwarded, and the third column is the cost (the
number of hops) to reach the destination network.
RIP prevents routing loops by limiting the number of hops allowed in a path from
source to destination. The maximum hop count allowed for RIP is 15, and a hop
count of 16 is considered as network unreachable.

RIP Implementation
RIP runs at the application layer, but creates forwarding tables for IP at the network
layer. RIP has gone through two versions: RIP-1 and RIP-2.

RIP Messages

RIP has two types of messages: request and response. A request message is
sent by a router that has just come up. A response (or update) message is
sent only in answer to a request message or is sent periodically or when there
is a change in the forwarding table.

RIP Algorithm
RIP implements the same algorithm as the distance-vector routing algorithm
we discussed in the previous section. However, some changes need to be
made:
❑ Instead of sending only distance vectors, a router needs to send the whole
contents of its forwarding table in a response message.
❑ The receiver adds one hop to each cost and changes the next router field
to the address of the sending router.

Timers in RIP
RIP uses three timers to support its operation.
The periodic timer controls the advertising of regular update messages. The
timer counts down; when zero is reached, the update message is sent, and
the timer is randomly set once again.
The expiration timer governs the validity of a route. Every time a new update
for the route is received, the timer is reset. If there is a problem on an internet
and no update is received within the allotted expiration time, the route is
considered expired.
The garbage collection timer is used to remove a route from the forwarding
table when a route becomes invalid.

Performance
Update Messages. The update messages in RIP have a very simple format
and are sent only to neighbors. They do not normally create traffic because
the routers try to avoid sending them at the same time.
Convergence of Forwarding Tables. RIP uses the distance-vector algorithm,
which can converge slowly if the domain is large, but, since RIP allows only
15 hops in a domain (16 is considered as infinity), there is normally no
problem in convergence.
Robustness. The Routing Information Protocol (RIP) is not a robust routing
protocol. If there is a failure or corruption in one router, the problem will be
propagated to all routers and the forwarding in each router will be affected.

20.3.3 Open Shortest Path First (OSPF)


Open Shortest Path First (OSPF) is also an intradomain routing protocol like
RIP, but it is based on the link-state routing protocol.

In OSPF, each link (network) can be assigned a weight based on the
throughput, round-trip time, reliability, and so on. An administration can also
decide to use the hop count as the cost. Then the cost of reaching from
source to destination can be calculated.
Forwarding Tables. Each OSPF router can create a forwarding table after
finding the shortest-path tree between itself and the destination using
Dijkstra's algorithm.
Areas. Compared with RIP, which is normally used in small ASs, OSPF was
designed to be able to handle routing in a small or large autonomous system.

Link-State Advertisement. OSPF is based on the link-state routing algorithm,
which requires that a router advertise the state of each link to all neighbors for
the formation of the LSDB.

Five advertisements and their uses.


Router link. A router link advertises the existence of a router as a node.
Network link. A network link advertises the network as a node.
Summary link to network. This is done by an area border router; it advertises
the summary of links collected by the backbone to an area. This type of
information exchange is needed to glue the areas together.
Summary link to AS. This is done by an AS router that advertises the
summary links from other ASs to the backbone area of the current AS.
External link. This is also done by an AS router to announce the existence of a
single network outside the AS to the backbone area to be disseminated into
the areas.

OSPF Implementation. OSPF is implemented as a program in the network
layer, using the service of the IP for propagation.

OSPF Messages. OSPF uses five different types of messages.


The hello message (type 1) is used by a router to introduce itself to the
neighbors.
The database description message (type 2) is normally sent in response to
the hello message to allow a newly joined router to acquire the full LSDB.
The link state request message (type 3) is sent by a router that needs
information about a specific LS.
The link-state update message (type 4) is the main OSPF message used for
building the LSDB.
The link-state acknowledgment message (type 5) is used to create reliability
in OSPF; each router that receives a link-state update message needs to
acknowledge it.

Authentication
Authentication prevents a malicious entity from sending OSPF messages to a router and
causing the router to become part of the routing system to which it actually
does not belong.

OSPF Algorithm
OSPF implements the link-state routing algorithm we discussed in the
previous section. However, some changes and augmentations need to be
added to the algorithm:
❑ After each router has created the shortest-path tree, the algorithm needs to
use it to create the corresponding routing algorithm.
❑ The algorithm needs to be augmented to handle sending and receiving all
five types of messages.

Performance of OSPF:
Update Messages. The link-state messages in OSPF have a somewhat
complex format. These messages may create heavy traffic and use a lot of
bandwidth.
Convergence of Forwarding Tables. When the flooding of LSPs is completed,
each router can create its own shortest-path tree and forwarding table;
convergence is fairly quick.
Robustness. The OSPF protocol is more robust than RIP because, after
receiving the completed LSDB, each router is independent and does not
depend on other routers in the area.

(Robustness is the ability of a network to maintain its functionality and
structural integrity after being attacked or experiencing some kind of
disturbance.)

20.3.4 Border Gateway Protocol Version 4 (BGP4)


The Border Gateway Protocol version 4 (BGP4) is the only interdomain
routing protocol used in the Internet today. BGP4 is based on the path-vector
algorithm.

Figure 20.24 shows an example of an internet with four autonomous systems.


AS2, AS3, and AS4 are stub autonomous systems; AS1 is a transient one.

Each autonomous system in this figure uses one of the two common
intradomain protocols, RIP or OSPF.
To enable each router to route a packet to any network in the internet, we first
install a variation of BGP4, called external BGP (eBGP), on each border
router (the one at the edge of each AS which is connected to a router at
another AS). We then install the second variation of BGP, called internal BGP
(iBGP), on all routers. This means that the border routers will be running three
routing protocols (intradomain, eBGP, and iBGP), but other routers are
running two protocols (intradomain and iBGP).

Operation of External BGP (eBGP)

The eBGP variation of BGP allows two physically connected border routers in
two different ASs to exchange messages.

For example, in Figure 20.24, message number 1 is sent by router R1 and tells
router R5 that N1, N2, N3, and N4 can be reached through router R1. When
R5 receives any packet destined for these four networks, it can use its
forwarding table and find that the next router is R1.

There are two problems that need to be addressed:


1. Some border routers do not know how to route a packet destined for non-
neighbor ASs. For example, R5 does not know how to route packets
destined for networks in AS3 and AS4.
2. None of the non-border routers know how to route a packet destined for
any networks in other ASs.

To address the above two problems, we need to allow all pairs of routers (border or
non-border) to run the second variation of the BGP protocol, iBGP.

Operation of Internal BGP (iBGP)


The iBGP protocol creates sessions between all possible pairs of routers inside an
autonomous system (a fully connected mesh).

Injection of Information into Intradomain Routing:


The role of an interdomain routing protocol such as BGP is to help the routers inside
the AS to augment their routing information. In other words, the path tables collected
and organized by BGP are not used for routing packets; they are injected into
intradomain forwarding tables (RIP or OSPF) for routing packets.

Figure 20.28 Forwarding tables after injection from BGP


Address Aggregation
Intradomain forwarding tables obtained with the help of the BGP4 protocols may
become huge in the case of the global Internet because many destination networks
may be included in a forwarding table. Fortunately, BGP4 allows the aggregation of
subnets if they can be reached through one path.

Path Attributes
In both intradomain routing protocols (RIP or OSPF), a destination is normally
associated with two pieces of information: next hop and cost. The first one shows the
address of the next router to deliver the packet; the second defines the cost to the
final destination.
Interdomain routing with BGP needs more information about how to reach the final
destination. In BGP these pieces are called path attributes. It uses 7 path attributes.
The format for an attribute is shown in Figure 20.29.

The first byte in each attribute defines the four attribute flags.
The next byte defines the type of attribute. There are 7 types:
ORIGIN (type 1) defines the source of the routing information.
AS-PATH (type 2) defines the list of autonomous systems through which the
destination can be reached.
NEXT-HOP (type 3) defines the next router to which the data packet should be
forwarded.
MULT-EXIT-DISC (type 4): if a router has multiple paths to the destination with
different values related to these attributes, the one with the lowest value is selected.
LOCAL-PREF (type 5): the routes the administrator prefers are given a higher local
preference value.
ATOMIC-AGGREGATE (type 6) defines the destination prefix as not aggregate.
AGGREGATOR (type 7) emphasizes that the destination prefix is an aggregate.
The attribute value length defines the length of the attribute value field.

Route Selection
The route selection process in BGP is not as easy as the ones in the intradomain
routing protocol that is based on the shortest-path tree. A route in BGP has some
attributes attached to it.
The router extracts the routes which meet the criteria in each step. If only one route
is extracted, it is selected and the process stops; otherwise, the process continues
with the next step.

Messages
BGP uses four types of messages for communication between the BGP speakers
across the ASs and inside an AS: open, update, keepalive, and notification.

Performance. BGP performance can be compared with RIP. BGP exchanges a lot of
messages to create forwarding tables, but BGP is free from loops and count-to-infinity.

21.3.2 Multicast Link State (MOSPF)


Multicast routing is a method in network communication where data is sent from one
source to multiple specific destinations simultaneously. Unlike unicast (one-to-one)
or broadcast (one-to-all) communication, multicast is designed for one-to-many or
many-to-many distribution.
Multicast Open Shortest Path First (MOSPF) is the extension of the Open Shortest
Path First (OSPF) protocol, which is used in unicast routing.
A router goes through the following steps to forward a multicast packet received from
source S and to be sent to destination G (a group of recipients):
1. The router uses the Dijkstra algorithm to create a shortest-path tree with S as
the root and all destinations in the internet as the leaves.
2. The router creates a shortest-path subtree with itself as the root of the
subtree.
3. The shortest-path subtree is actually a broadcast subtree with the router as
the root and all networks as the leaves. The router now changes it to a
multicast tree.
4. The router can now forward the received packet out of only those interfaces
that correspond to the branches of the multicast tree.
