The Network Layer

To solve the problem of delivery of data from source to destination through several links, the network
layer was designed. It is the lowest layer that deals with source-to-destination transmission. As
source and destination are in di erent networks, the network layer must know the topology of the
network (i.e., all routers and links) and determine an appropriate path through it. The network layer
deals with it using its network layer protocol, IP.
Role of Network Layer: The primary role of the network layer is to move packets from a sending host
to a receiving host. The figure shows a simple network with two hosts, H1 and H2, and routers on the
path between H1 and H2. Now, to send data from H1 to H2, we see the role of network layer in these
hosts and in the intermediate routers. The network layer in H1 takes segment from the transport layer
in H1, encapsulates each segment into a packet, and then sends the packet to its nearby router, R1.
At the receiving host, H2, the network layer receives the packet from its nearby router R5, extracts the
transport-layer segment, and delivers the segment up to the transport layer at H2.

Two important network-layer functions (Data Plane function and Control Plane function):
Forwarding in the Internet: (The Network Layer Data Plane function)
Forwarding (Data Plane function) determines how a packet arriving on one of a router’s input links
is forwarded to one of that router’s output links. For example, a packet arriving from Host H1 to Router
R1 must be forwarded to the next router on a path to H2. The forwarding table is used when a packet
is being forwarded and a row in the forwarding table contains the mapping from a network
address/prefix to an outgoing interface and MAC, i.e. the Ethernet address of the next hop. We’ll
cover IP forwarding, IP Protocols (IPv4 and IPv6), and IP addressing in detail.

Routing (Control Plane function). Routing refers to the network-wide process that determines the
end-to-end paths that packets take from source to destination. The algorithms that calculate these
paths are referred to as routing algorithms. The routing algorithms determine, for example, the path
for the packets from H1 to H2. The routing table is built up by the routing algorithms before building
the forwarding table. It generally contains mappings from network addresses/prefixes to the next
hops/routers. Example Rows from (a) Routing and (b) Forwarding Tables
What happens at the router: When a packet arrives at the router, the packet is stored there until it
has fully arrived, and the link has finished its processing by verifying the checksum. Then, the frame
header and trailer are stripped o and the packet located in the frame’s payload field is passed to the
routing software. This software uses the packet header to choose an output line. Then it is forwarded
to the next router. This mechanism is store-and-forward packet switching.

Services Provided to the Transport Layer: The transport layer provides process-to-process
communication by relying on the network layer’s host-to-host communication service.
Connectionless service: In a connectionless service, packets are injected into the network
individually and routed independently of each other. No advance setup is needed. In this context, the
packets are called datagrams (like telegrams) and the network is called a datagram network. For
example: Consider H1 has a large message which is fragmented into four packets for transmission.
Each router forwards packets based on its routing table, which maps destinations to outgoing links.
Initially, packets follow a predetermined route, but if network conditions change (e.g., congestion),
routing tables are updated dynamically. In this example, packets 1-3 follow the same path, while
packet 4 takes a di erent route due to updated routing decisions.

Connection-oriented service: In a connection-oriented service, a path from the source router to the
destination router must be established before any data packets can be sent. This connection is called
a virtual circuit (like physical circuits set up by telephone system), and the network is called a virtual-
circuit network. When a connection is established, a route from the source to the destination is
chosen as part of the connection setup and stored in tables in the routers. That route is used for all
tra ic on connection. When the connection is released, the virtual circuit is also terminated. For
example: Here, host H1 establishes connection-1 with host H2. This connection is remembered as
the first entry in each of the routing tables. The first entry in R1’s table says that if a packet with
connection-1 comes in from H1, it is to be sent to router R4 and given connection-1. Similarly, the first
entry at R4 routes the packet to R5, also with connection-1.
Internet Protocol

The glue that holds the whole Internet together is the network layer protocol, IP (Internet Protocol). It
is a set of rules that allow devices to communicate with each other over the Internet. It helps with
addressing and routing packets of data to travel across networks and arrive at the correct destination.
IP information (a source IP address, a destination IP address, etc.) is attached to each packet, which
helps routers to send packets to the right place. IP is an unreliable, best-e ort, and connectionless
packet delivery protocol. The best-e ort means that the packets sent by IP might be lost or arrive out
of order. IP assumes higher layer protocols will address these issues.

Internet Protocol (IP) Addressing

How are hosts and routers connected to the Internet?: IP addresses are used by the IP protocol to
uniquely identify a host on the Internet. A host typically has only a single interface to the network; IP
in the host uses this interface when it wants to send a packet. For routers, the job is to receive a
packet on one interface and forward the packet on some other interface. Thus, a router necessarily
has two or more interfaces. Because every host and router connected to the Internet is capable of
sending and receiving IP packets, IP requires each host and router interface to have its own IP
address, which is globally unique (except for interfaces behind NATs). Thus, an IP address is
technically associated with an interface, rather than with the host or router containing that interface.

IPv4 Address: Each IPv4 address is 32-bit long and there are a total of 232 (approximately 4 billion)
possible IP addresses. The IP address is comprised of a variable-length network portion and a host
portion. An example of an IPv4 address in binary notation: 01110101 10010101 00011101 00000010.
Decimal representation of IPv4 address: In this format, each of the 4 bytes is written in decimal,
from 0 to 255. The dotted decimal notation of the above address: 117.149.29.2.

Classful Addressing: IPv4 addressing used the concept of classful addressing. The address space is
divided into five classes: A, B, C, D, and E. An IP address in class A, B, or C is divided into network
portion and host portion. The details of no. of bits of host portion, no. of bits of network portion, no.
of networks, no. of addresses per network, first address, last address are given in table below.
Class Leading Net ID Host ID # Networks #addresses Start address End address
bits bits bits per Network
A 0 8 24 2 7
224 0.0.0.0 127.255.255.255
B 10 16 16 2 14
2 16
128.0.0.0 191.255.255.255
C 110 24 8 221 28 192.0.0.0 223.255.255.255
D 1110 - - - - 224.0.0.0 239.255.255.255
E 1111 - - - - 240.0.0.0 255.255.255.255
Subnet Mask: Since the network portion cannot be inferred from the IP address alone, it is di icult
for a router to filter packets for a particular network. Thus, a router uses a concept known as subnet
mask (in which n leftmost bits are 1s and the 32- n rightmost bits are 0s), which filters out the network
portion by ANDing with all 1’s with the IP address. For example, the subnet mask is 255.255.0.0.
Subnetting: The network portion is same for all hosts on a single network, which causes problems as
the network grows. To overcome this, subnetting is used, which splits a network into several subnets
for internal use but still acts like a single network to the outside world. Problem: When a packet
comes to the main router, how does the router know which subnet to give it to? Solution: Each subnet
has its own subnet mask which is created by dividing the host portion of the IP address into a subnet
portion and a host portion. The IP address is interpreted as: <net id ><subnet id ><host id >. The
routers need to know these subnet masks. When a packet arrives, the router ANDs the destination IP
address with the subnet mask for each subnet, the resulting subnetwork id represents the subnet to
which the arrived packet should be given.

Issues with Classful Addressing: Organizing the address space by classes wastes millions of IP
addresses. For most organizations, class A, with 16 million addresses, is too big, and class C, with
256 addresses, is too small. A class B, with 65,536 addresses, is right. However, an organization with
2,000 hosts is typically allocated a class B (/16) subnet address (with 65,534 addresses), leaving more
than 63,000 addresses that could not be used by other organizations.

CIDR (Classless Inter-Domain Routing)

In CIDR, an organization is granted a range of addresses based on its nature and size. For example, an
Internet service provider may need thousands or hundreds of thousands of addresses based on its
number of customers.

Prefix: Since the network portion cannot be inferred from the IP address alone, it is di icult for a
router to filter packets for a particular network. In CIDR addressing, the network portion of an IP
address is presented through a prefix (any value from 0 to 32) preceded by a slash. A prefix
determines how many bits of the IP address define the network. The routing protocols must carry
prefixes to router so that a router filters packets for a particular network.

CIDR Notation: In CIDR, a range of addresses can be defined as x.y.z.t/n, which can completely
define the first address, the last address, and the number of addresses. The first address can be found
by setting the rightmost 32-n bits to 0s. The last address can be found by setting the rightmost 32-n
bits to 1s. The number of addresses can be found by using the formula 232-n. For example,

Subnetting with CIDR: Edinburgh is granted a block of addresses, and it wants to create subnets and
divide the addresses between them. The rest of the world still sees the Edinburgh as one entity;
however, internally there are several subnets. All messages are sent to the router address that
connects Edinburgh to the rest of the Internet. Problem: How does the router route the message to
the appropriate subnets. Solution: Edinburgh needs to create subnet masks, each assigned to
specific subnets. Edinburgh has its own mask, and each subnet has its own subnet mask.

For example: Edinburgh is granted a block 194.24.8.0/22, which contains 1024 addresses. Edinburgh
has three o ice subnets and needs to divide the addresses into three subblocks of 512, 256, and 256
addresses. The mask for the first subnet is n1, then 232- n1 must be 512, which means that n1=23. The
mask for the second subnet is n2, then 232-n2 must be 256, which means that n2 = 24. The mask for
the third subnet is n3, then 232-n3 must be 256, which means that n3 =24. This means that we have the
masks 23, 24, 24 with the organization mask being 22.

When a packet arrives, the main router looks at the destination address of the packet and checks
which subnet it belongs to. The router does this by ANDing the destination address with the mask for
each subnet and check to see if the result is the corresponding network address of that subnet. For
example, consider a packet destined for IP address 194.24.9.151. To see if it is for EE, we AND with
255.255.255.0 (based on the first 24 bits prefix of EE), it results 194.24.9.0) and see if they match the
network address of EE (which is 194.24.10.0). They do not match. Now, to check for CS., we AND with
the 255.255.254.0 (based on the first 23 bits prefix of CS), it results 194.24.8.0. This does match the
network address of CS, so the packet is forwarded onto the interface which leads to the CS network.

NAT—Network Address Translation

The IP address exhaustion problem: It is the depletion of available 4.3 billion IPv4 addresses due
to the rapid growth of Internet, ine icient early allocation, etc. The exhaustion became critical in the
2010s when the last IPv4 blocks were allocated. Although IPv6 provides an unlimited number of
addresses, its adoption has been slow due to infrastructure and compatibility challenges. As a result,
the temporary solution is network address translation (NAT) to mitigate IPv4 exhaustion. NAT allows
multiple devices within a private network to share a single public IP address by dynamically
translating private IP addresses to a public IP address. This reduces the number of required public IPs
and enables ISPs to serve thousands of users with limited IPv4 addresses.

For example: The figure shows the customer network has an address space 10.0.0.0/8 that is one of
three portions of the IP address space that is reserved for the private networks. ISP assigns customer
network/NAT router a single public IP address 115.243.103.7 for Internet tra ic. Within the customer
network, every computer gets a unique private IP address, e.g. 10.0.0.1. However, just before a packet
from 10.0.0.1 exits the customer network and goes to the Internet, NAT converts the unique internal
IP address to the public IP address 115.243.103.7 of NAT router. NAT behaves to the outside world as
a single device with a single IP address. In Figure, all tra ic leaving the NAT router for the Internet has
a source IP address of 115.243.103.7, and all tra ic entering the NAT router has a destination address
of 115.243.103.7. In essence, the NAT hides the details of the customer network from the Internet.
Private IP addresses: The three reserved ranges are:

NAT translation table: If all packets (from the Internet) arriving at the NAT router have the same
destination IP address, how the router knows the internal host to which packet should be forwarded?
The router uses a NAT translation table with port numbers and IP addresses in the table entries.

How NAT Works? Consider the example in Figure. A host 10.0.0.1 in a customer network requests a
Web page on port 80 with an IP address 128.119.40.186. The host 10.0.0.1 assigns the source port
number 3345 and sends the packet to NAT router. The NAT router receives the packet, generates a
new source port number 5001 for the packet, replaces the source IP address with its public IP address
115.243.103.7, and replaces the original source port number 3345 with the new source port number
5001. When generating a new source port number, the NAT router can select any source port number
that is not currently in the NAT translation table. NAT in the router also adds an entry to its NAT
translation table. The Web server responds with a packet whose destination address is the IP address
of the NAT router, and whose destination port number is 5001. When this packet arrives at the NAT
router, the router indexes the NAT translation table using the destination IP address and destination
port number to obtain the appropriate IP address (10.0.0.1) and destination port number (3345) for
the browser in the customer network. The router then rewrites the packet’s destination address and
destination port number and forwards the packet into the customer network.

IP (IPv4) Protocol Packet/Datagram format (Header + data)

IP is an unreliable and connectionless protocol. There is no error and flow control. To achieve
reliability, it uses a reliable protocol such as TCP. The IP header provides information about various
functions the IP performs. The IP header format is shown below with a description of each field.
Version (4 bits): These 4 bits specify the IP protocol version in use (typically 4). By looking at the
version number, the router can determine how to interpret the remainder of the IP packet.

Header length (IHL/HLEN) (4 bits): Length of the header, expressed as the number of 32-bit words.
Minimum size is 5, and maximum 15. Because an IPv4 packet can contain a variable size options
field, these 4 bits are needed to determine where in the IP packet the payload/data actually begins.
Service Type (8 bits)/Di erentiated services: Allows packet to be assigned a priority and allows
di erent types of IP packets to be distinguished from each other. For example, it might be useful to
distinguish real-time packets (such as those used by an IP telephony application) from non-real time
tra ic (for example, FTP). Router can use this field to route packets. Not universally used.

Total Length (16 bits): Total size of the packet (header + data) in bytes. Maximum size is (216) 65536
bytes. However, packets are rarely larger than 1,500 bytes, which allows an IP packet to fit in the
payload field of a maximally sized Ethernet frame.
Identification, Flags, Fragment O set: These three fields are used to handle IP fragmentation.

IPv4 fragmentation: It occurs when a packet is too large (e.g. 4000 bytes) to be transmitted over a
network with a smaller Maximum Transmission Unit (MTU) (e.g. 1500 bytes), the MTU is the maximum
amount of data that a link-layer frame can carry. Because each IP packet is encapsulated within the
link-layer frame for transport from one router to the next router, the MTU of the link-layer protocol
places a hard limit on the length of an IP packet. Each of the links along the route between sender and
destination can use di erent MTUs. For example, suppose a router receives an IP packet from one
link, and checks its forwarding table to determine the outgoing link, and this outgoing link has an MTU
that is smaller than the length of the IP packet. How are you going to squeeze this oversized IP packet
into the payload field of the link-layer frame? The solution is to fragment the payload in the IP packet
into two or more smaller IP packets, encapsulate each of these smaller IP packets in a separate link-
layer frame; and send these frames over the outgoing link. Each of these smaller IP packets is referred
to as a fragment. IPv6 does not allow for fragmentation.

Identification (16-bits): Unique ID is used to identify fragments of the same packet.

Flags (3 bits, first bit is reserved, DF-Don't Fragment bit and MF-More Fragments bit): DF (1 → The
packet must not be fragmented. 0 → The packet can be fragmented if needed. MF (1 → More fragments
are coming (i.e., this is not the last fragment). 0 → This is the last fragment or only fragment.

Case 1: DF = 0, MF = 0 (No Fragmentation or Last Fragment). A small packet (e.g., 1000 bytes) is
transmitted and it fits within the MTU, and no fragmentation is needed.
Case 2: DF = 0, MF = 1 (Fragmentation, More Fragments). A 3000-byte packet is transmitted over a
network where MTU = 1500 bytes. The router fragments the packet into: Fragment 1: 1500 bytes (MF
= 1 → more fragments follow) and Fragment 2: 1480 bytes (MF = 0 → last fragment)
Case 3: DF = 1, MF = 0 (Large Packet, No Fragmentation Allowed). A 2000-byte packet is sent over
a network with MTU = 1500 bytes and Since DF is set, the router cannot fragment it. The packet is
dropped, and the sender receives an ICMP "Fragmentation Needed" message.

Fragment O set (13 bits): Specifies the position of the fragment in the original packet. It is used to
reassemble the data from all the fragments at the receiver. The o set value must be the number of 8-
byte blocks of data, which means the data in the prior fragment must be a multiple of 8 bytes. In first
fragment the o set is 0 as the data in this packet starts in the same place as the data in the original
packet. The last fragment can carry data that is not a multiple of 8 bytes as there will not be a further
fragment. For example, if a packet of size 4000 bytes needs to be sent and MTU is1500 bytes, then
Total data to be fragmented = 4000 - 20 (header) = 3980 bytes. The maximum data per fragment is
1500 bytes – 20 bytes (IPv4 Header Size, fix for each fragment) = 1480 bytes. So, the 1st Fragment: 20
bytes IP header, 1480 bytes of data, O set = 0, MF = 1, the 2nd Fragment: 20 bytes IP header, 1480
bytes of data, O set = 185, MF = 1, and 3rd Fragment: 20 bytes IP header, 1020 bytes of data, O set
= 370, MF = 0 (last fragment).
Why 8-bytes blocks of data in the fragments (except the last fragment): The maximum total length
of IPv4 packet is 65,536 bytes and Fragment O set Field Size is 13 bits which can represent the
maximum value 213−1 i.e. 8191. However, if the o set were in 1-byte units, it could only represent
o sets up to 8191 bytes, which is too small. Thus, 8-bytes blacks are used. By using 8-byte units,
the maximum o set becomes 8191×8=65,528 bytes, covering nearly the full IPv4 packet size.

Time to Live (8 bits): Limits the lifetime of a packet and prevents a packet from traveling forever in a
loop in the network. Sender sets a value, that is decremented at each hop/router. If it reaches zero,
the packet is discarded by the router.

Protocol: It defines the transport-layer protocol that uses the service of the IP layer. (e.g., ICMP = 1,
TCP = 6, UDP = 17).
Header Checksum (16 bits): The header checksum helps a router in detecting bit errors in a received
IP packet. Header is treated as a sequence of 16-bit integers. The integers are all added using ones
complement arithmetic. Ones complement of the final sum is taken as the checksum. A router
computes the header checksum for each received IP packet and detects an error if the checksum
carried in the packet header does not equal the computed checksum. Routers typically discard
packets for which an error has been detected. Note that the checksum must be recomputed and
stored again at each router, since the TTL field, and possibly the options field as well, will change.

Source IP (32 bits) and Destination IP (32 bits): When a source creates a packet, it inserts its IP
address into the source IP address field and inserts the address of the ultimate destination into the
destination IP address field. The source host determines the destination address via a DNS lookup.

Options (variable width up to 40 bytes): Rarely Used in modern networks due to performance
concerns. Thus, it is present only when required (not in every packet). It provides additional
functionalities such as recording routes, controlling source routing, adding timestamps, and
enhancing security. The Record Route (RR) option allows each router to append its IP address,
enabling network administrators to track packet paths. Similarly, Strict Source Routing (SSR)
dictates the exact route a packet must follow. The Timestamp option lets routers insert timestamps,
helping measure network latency. Additionally, security options mark packets with classification
levels like Confidential or Secret, primarily used in government and military networks. However, due
to increased processing overhead and security concerns, most modern networks ignore or drop
packets containing options, making them less common in today's internet infrastructure.

Data: In most circumstances, the data field of the IP packet contains the transport-layer segment
(TCP or UDP) to be delivered to the destination. However, the data field can carry other types of data,
such as ICMP messages.
 IPv6 (IP version 6)
In the early 1990s, the Internet Engineering Task Force began an e ort to develop a successor to the
IPv4 protocol. To respond to the need for a large IP address space, the only long-term solution is a
new IP protocol, IPv6. It uses 128-bit addresses. However, IPv6 has proved very di icult to deploy. It
is a di erent network layer protocol that does not really interwork with IPv4, despite many similarities.

IPv6 Packet Format: The most important changes introduced in IPv6 are

1. Expanded addressing capabilities. IPv6 increases the size of the IP address from 32 to 128 bits.
This ensures that the world will not run out of IP addresses. In addition to unicast and multicast
addresses, IPv6 introduces a new type of address, called an anycast address, that allows a packet
to be delivered to any one of a group of hosts. IPv6 address: It is 128 bits long, divided into eight 16-
bit fields, each represented by four hexadecimal digits (0-9, a-f). For example: A typical IPv6
address might look like 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
2. Better Routing and Performance: IPv6 simplifies routing by eliminating fragmentation
3. Fixed header. 40-byte fixed-length header allows for faster processing of the IP packet by a router.
4. Flow labeling. IPv6 has flow label that allows “labeling of packets belonging to particular flows for
which the sender requests special handling, such as a non-default quality of service or real-time
service. A flow is a sequence of packets sent from a source to a destination that require special
handling, such as low latency or guaranteed bandwidth.

Version (4-bit): Identifies the IP version number, IPv6 carries a value of 6 in this field. Note that putting
a 4 in this field does not create a valid IPv4 packet.
Di . service/Tra ic class (8-bits). Like the Di . service in IPv4, this field can be used to give priority
to certain packets within a flow, or to give priority to packets from certain applications (for example,
voice-over-IP) over packets from other applications (for example, SMTP e-mail).
Flow label (20-bits): It is used to identify the flow of packets. The sending host assigns a unique Flow
Label for a specific flow (e.g., a video call). All packets in that flow have the same Flow Label. Routers
use this label to forward packets e iciently, avoiding unnecessary lookups in their routing tables.
Payload length (16-bits): It gives the number of bytes in the IPv6 payload following the IP header.
Next header (8-bits): Identifies the protocol to which the contents (data) of this packet will be
delivered (for example, to TCP or UDP). It uses the same values as the protocol field in the IPv4 header.
Hop limit (8-bits). The contents of this field are decremented by one by each router that forwards the
packet. If the hop limit count reaches zero, the packet is discarded.
Source and destination addresses. The IPv6 128-bit addresses of source and destination.
Data. This is the payload portion of the IPv6 packet. When the packet reaches its destination, the
payload will be removed from the packet and passed on to the protocol specified in next header field.
Fields in IPv4 packet are no longer present in the IPv6 packet:
Fragmentation/reassembly. IPv6 does not allow for fragmentation/reassembly at intermediate
routers; these operations are performed only by source and destination. If IPv6 packet received by a
router is too large to be forwarded over the outgoing link, the router drops the packet and sends a
“Packet Too Big” ICMP error message back to the sender. The sender then resends the data, using
smaller IP packets. Fragmentation/reassembly is a time-consuming operation; removing it from the
routers and placing it in the end systems speed up IP forwarding within the network.
Header checksum: Because the transport-layer (e.g. TCP/UDP) and link-layer (e.g. Ethernet)
protocols perform checksum, this functionality was redundant in the network layer, and it is removed.
Options: An options field is no longer a part of the standard IPv6 header. The removal of the options
field results in a fixed-length, 40-byte IP header.
Transition from IPv4 to IPv6
How will the public Internet, which is based on IPv4, be transitioned to IPv6? The problem is that while
new IPv6 capable systems can be made backward-compatible, that is, can send, route, and receive
IPv4 packets, already deployed IPv4-capable systems are not capable of handling IPv6 packets.
The approach to IPv4-to-IPv6 transition that has been most widely adopted in practice involves
tunneling. For example in the figure below, suppose two IPv6 nodes (B and E) want to interoperate
using IPv6 packets but are connected to each other by intervening IPv4 routers. We refer to the
intervening set of IPv4 routers between two IPv6 routers as a tunnel. With tunneling, the IPv6 node on
the sending side of the tunnel (in this, B) takes the entire IPv6 packet and puts it in the data (payload)
field of an IPv4 packet. This IPv4 packet is then addressed to the IPv6 node on the receiving side of
the tunnel (in this, E) and sent to the first node in the tunnel (in this, C). The intervening IPv4 routers
in the tunnel route this IPv4 packet among themselves, just as they would any other packet, blissfully
unaware that the IPv4 packet itself contains a complete IPv6 packet. The IPv6 node on the receiving
side of the tunnel eventually receives the IPv4 packet (it is the destination of the IPv4 packet!),
determines that the IPv4 packet contains an IPv6 packet (by observing that the protocol number field
in the IPv4 packet, indicating that the IPv4 payload is a IPv6 packet), extracts the IPv6 packet, and
then routes the IPv6 packet exactly as it would if it had received the IPv6 packet from a directly
connected IPv6 neighbor.
Routing in the Internet: (The Network Layer Control Plane)
Control-plane controls not only 1.how a packet is routed through di erent routers from a source to a
destination, but also 2.how network-layer components and services are configured and managed.
1.How a packet is routed through di erent routers from a source to a destination. For example,
how a packet is routed from H1 to H2 through R1, R2, R3, R4 and R5. A router has two processes:
1.Forwarding which maintains a forwarding table. When router receives the packet, forward table is
used which identifies the output interface to forward the packet. For example, in the figure below, the
forwarding table at R1 tells that the packet with destination address of H2 (194.24.8.114/18) should
be forwarded on the output interface if0. Question: How is it decided that packet with destination
address of H2 should be forwarded on if0 interface, not if1or if2? This is where 2. Routing comes in.

Routing refers to the network-wide process that determines the end-to-end paths that packets take
from source to destination through the network of routers.
Routing algorithms: The algorithms that determine the best paths that packets take from source to
destination through the network of routers, are referred to as routing algorithms. The routing
algorithms formulate routing problems as a graph. A graph G(N, E), where N is set of nodes and E is a
set of edges. In the context of network routing, the nodes represent routers, and the edges represent
the physical links between routers, as shown in Figure. An edge can have a cost that may reflect the
physical length of the corresponding link, link speed, delay, etc. For any edge (x, y), c(x, y) is the cost
of that edge. Given the costs of the edges in the graph, the goal of a routing algorithm is to identify the
least costly paths between sources and destinations. The path in a graph is a sequence of nodes
(x1,x2,⋯,xp) such that each of the pairs (x1,x2),(x2,x3),⋯,(xp−1,xp), are edges in E. The cost of a path
(x1,x2,⋯,xp) is the sum of all the edge costs along the path, that is c(x1,x2)+c(x2,x3)+⋯ + c(xp−1,xp).
Given any two nodes x and y, there are typically many paths between the two nodes, with each path
having a cost. The best path between the source and destination is one that has the least cost.

Routing table: To determine the paths, at each router, the routing table is built by the routing
algorithms before building the forwarding table. Routing algorithms fill routing tables with
Destination/Next hop associations that tell a router that a particular destination can be reached
optimally by sending the packet to a particular router representing the "next hop" on the path to the
destination. For example, as shown in the figure, the routing table at R1 tells that a router that the
packet with destination address 194.24.8.114/18 can be reached optimally by sending the packet to
next hop (171.69.245.10 is IP address of R4 (i.e. if2 interface of R4)).
Routing algorithms Classification
1. Static vs Dynamic: In static routing algorithms, the routing tables are built by the network admin.
In dynamic routing algorithms, the routing tables are adjusted as the network tra ic loads or topology
change. A dynamic algorithm can be run either periodically or in direct response to topology or link
cost changes. While dynamic algorithms are more responsive to network changes, they are also more
susceptible to problems such as routing loops Fact: Computer networks generally use dynamic
routing algorithms that are more complex, but more e icient because they find the shortest paths for
the current topology. Two dynamic algorithms: distance vector routing and link state routing.
2.Centralized or decentralized. A centralized routing algorithm computes the least-cost path
between a source and destination using complete knowledge of the network. Since the algorithm
takes the connectivity between all nodes and cost of each link as inputs, they are often referred to as
link-state (LS) algorithms. In a decentralized routing algorithm, the calculation of the least-cost path
is carried out in an iterative, distributed manner by the routers. No node has complete information of
network. Instead, each node begins with only the knowledge of the costs of its own directly attached
links. Then, through an iterative process of calculation and exchange of information with its
neighboring nodes, a node gradually calculates the least-cost path to a destination or set of
destinations. The decentralized routing algorithm is called a distance-vector (DV) algorithm,
because each node maintains a vector of costs (distances) to all other nodes in the network.
Autonomous Systems: Before we explore another classification of the routing algorithms, we will
first understand the concept of Autonomous Systems (AS) in the Internet. The Internet is made up of
many independent networks or ASes (Autonomous Systems). AS is a group of networks under single
administrative control that can be the Internet Service Provider (ISP) or a large Enterprise
Organization. Often the routers in an ISP, and the links that interconnect them, constitute a single AS.
Some ISPs, however, partition their network into multiple ASs. Every AS has a globally unique 16 bit
number--Autonomous System Number (ASN).

Inter-domain and intra-domain routing algorithms or (Exterior-gateway and Interior gateway

protocols): Routers within the same AS all run the same routing algorithm and it is called an intra-
domain (AS) routing protocol. When routing a packet from a source to destination within the same
AS, the path the packet follows is entirely determined by the intra-domain routing protocol. However,
to route a packet across multiple domains (ASes)/ independently operated networks, say from a
smartphone in Timbuktu to a server in a datacenter in Silicon Valley, we need an inter-domain (AS)
routing protocol. Since an inter-domain routing protocol involves coordination among multiple ASs,
communicating ASs must run the same inter-AS routing protocol.
Distance Vector Routing (DVR)
In DVR, each router maintains a routing table containing one entry for each router in the network.
This entry has two parts: the outgoing line to use for destination and the distance to that destination.
These tables are updated by exchanging information only with the neighbors at fixed intervals (e.g. 30
sec). The DVR algorithm is iterative and distributed. It is distributed in that each router receives
distance vector (estimate of cost to all destinations) from one or more of its neighbors, performs a
calculation, and then distributes the results of its calculation back to its neighbors. It is iterative that
this process continues until no more information is exchanged between neighbors.

Least-cost paths using Bellman-Ford algorithm: Let d(x, y) be the cost of the least-cost path from
source node x to node y. Bellman-Ford equation, d(x,u)=min {d(x,v) + c(u,v), d(x,u)}, i.e. if d(x,v)+c(u,v)
< d(x,u) then d(x,u) = d(x,v)+c(u,v). The equation can also be written as d(x,u)=min v {d(x,v) + c(u,v)},
where the min in the equation is taken over all neighbors v of u. With the DVR algorithm, each node u
maintains the following routing information: 1. For each neighbor v, the cost c(u, v) from u to directly
attached neighbor v. 2. Node u’s distance vector i.e. D(u, y), containing u’s estimate of its cost to all
destinations, y, in N. 3. The distance vectors of each of its neighbors v, i.e., D(v, y).

DVR algorithm-How DVR works? In the distributed DVR algorithm, each node sends a copy of its
distance vector to each of its neighbors. When a node u receives a new distance vector from any of
its neighbors v, it uses the Bellman-Ford equation to update its own distance vector as follows: D(u,
y) = minv { c (u ,v) + D(v, y)} for each node y in N. If node u’s distance vector has changed as a result of
this update step, node u will then send its updated distance vector to each of its neighbors, which
can in turn update their own distance vectors. All nodes continue to exchange their distance vectors
in an asynchronous fashion until each cost estimate D(u, y) converges to d(u, y), the actual cost of
the least-cost path from node u to node y.
For example: In figure, the first four columns show the distance vectors received from the neighbors
of router J. Suppose J has estimated its cost to its neighbors, A, I, H, and K, as c(J, A)=8, c(J, I)=10, c(J,
H)=12, and c(J, K)=6, respectively. Now, J computes its new route to router G using Bellman-ford
equation, as shown below. It computes the distances to G via A, I, H, and K as 26 (18+8), 41(31+10),
18(6+12), and 37(31+6), respectively. The minimum value is 18, so J makes an entry in its routing table
that the distance to G is 18 and the route is via H. The same calculation is performed for all the other
destinations, with the new routing table shown in the last column.
d(J, G) = min{c(J, A)+d(A, G), c(J, I)+d(I, G), c(J, H)+d(H, G), c(J, K)+d(K, G) } = min{8+18, 10+31,12+6,
6+31} = min{26, 41, 18, 37} = 18
Routing Information protocol (RIP): Early intra-domain routing protocol that used a distance vector
algorithm is called RIP, which is based on the distributed Bellman-Ford algorithm inherited from the
original ARPANET routing algorithm. In RIP, the router does not know the network beyond its
neighbors. RIP employs Hop Count as a metric. The maximum number of hops allowed with RIP is
15. It runs above Network layer of the Internet protocol suite, using UDP port 520 to carry its data.

RIP Algorithm: • Each RIP router calculates the distances between itself and all other routers and
stores this information as a table. • Each router broadcasts its entire routing table to all neighboring
routers. • When a neighboring router receives distance tables, it calculates the shortest routes to all
other routers and updates its own table. • The neighbors, in turn, pass the information on to their
neighbors, and so on. This shared knowledge is known as convergence. For example:

1. Network Topology: Each link has a cost of 1.

2. Initial Routing Tables (Each Router Knows

Only Its Neighbors): Each router initializes its
table with only directly connected nodes.

3. First Exchange of Distance Vectors: Each router sends its table to neighbors. Neighbors update
their tables if they find a shorter path. E.g. R1 learns R2 can reach R4 in 1 step, so R1 updates the cost
to R4=(R1-R2)+(R2-R4)= 1+1=2 and Next hop to R4 = R2. Similarly, other routers update their tables.
4. Updated Routing Tables After First Exchange

5. Routing Table (Final): After further exchanges, routers get the shortest paths to all destinations.

Limitations of RIP: RIP works well in small systems, but less well as networks get larger. It also su ers
from the count-to-infinity problem and often takes too long to converge after the network topology
changed. Thus, it was replaced by a link state routing.
Link State Routing
In LSR, each router builds the complete network topology of the network/domain, the list of nodes
and links with cost (metric). In practice this is accomplished by having each router broadcast the
knowledge only about their neighbors. In e ect, the complete topology is distributed to every router.
Each router then locally runs Dijkstra’s algorithm to determine the shortest path to every other router,
with itself as the source node. Unlike DV protocols (which rely on hop counts), LS protocols use link
cost metrics to compute the best path.

LSR algorithm-How LSR works? The link-state routing uses Dijkstra’s algorithm that computes the
least-cost path from one node (the source, which we will refer to as u) to all other nodes in the
network. Dijkstra’s algorithm is iterative and has the property that after the kth iteration of the
algorithm, the least-cost paths are known to k destination nodes. When the algorithm terminates, we
have, for each node, its predecessor along the least-cost path from the source node. For each
predecessor, we also have its predecessor, and so in this manner we can construct the entire path
from the source to all destinations. The forwarding table in a node, say node u, can then be
constructed from this information by storing, for each destination, the next-hop node on the least-
cost path from u to the destination.

For example: In the figure below, the first part shows the graph representing a network, the second
part shows the resulting least-cost paths from node u, and the third part shows the forwarding table
at node u.

A Comparison of LS and DV Routing Algorithms

1. Communication Pattern: In DV, each node communicates only with its directly connected
neighbors and shares the distance vector (least-cost path to all destinations).In LS, each node
broadcasts the cost of its directly connected links to all nodes in the network.
2. Message Complexity: In DV, message exchanges occur only between neighbors; updates
propagate only when a link cost change a ects the least-cost path. In LS, each node must know the
cost of every link, resulting in O(|N||E|) messages.
3. Speed of Convergence: convergence in refers to how quickly a routing protocol updates and
stabilizes the network routing tables after a change in the network—such as a link failure or a new
router being added. In DV, convergence can be slow because updates happen step-by-step through
neighbors. They can take time to propagate changes, with possible routing loops and count-to-infinity
problems. LS have faster convergence with a complexity of O(|N²|) because: All routers quickly and
directly receive updated link information and each router independently computes the shortest path.
4. Robustness (in case of router failure): In DV, errors can propagate through the network since
each node relies on neighbors’ calculations. In LS, each node computes its own routes; errors are
more localized, o ering better robustness.
OSPF—An Intra-domain Routing Protocol: The LSR protocol called Open Shortest Path First (OSPF)
is an intra-domain routing protocol which was drawn on a protocol called IS-IS (Intermediate-System
to Intermediate-System). IS-IS was developed as part of the OSI protocol suite and later, it was
adapted to support IP routing (Integrated IS-IS). In 1990, IETF developed OSPF to be natively
compatible with IP within the TCP/IP. While both IS-IS and OSPF are link-state protocols, OSPF is
e ective in applications where network topology changes frequently. Thus, OSPF is more widely used
in large company networks that need robust failover and recovery options. IS-IS, with its fast
convergence and ease of maintenance, is more widely used in ISP by ISPs and large-scale network
operators who manage homogeneous environments with high performance requirements. Also,
OSPF was created because in the mid-1980s, RIP was increasingly incapable of serving large,
heterogeneous internetworks. OSPF being a SPF algorithm scale better than RIP.

How OSPF Works? In OSPF, each router broadcasts link-state information. Consequently, based on
this information, each router constructs a complete topological map (i.e., a graph) of the entire AS.
Each router then locally runs Dijkstra’s algorithm to determine a shortest paths to all routers, with
itself as the source node. OSPF achieves this through the following steps:

Neighbor Discovery - Hello Packet Exchange: A router discovers its neighbor by periodically
sending them a Hello Packet/Message. If a neighbor responds to this message, it is assumed to be
alive and functioning. If it does not, the sending router then alerts the rest of the network, about this
neighbor being down. These messages are small, unlike the routing table updates in DV algorithm.

Link-State Advertisements (LSAs): Using Link-State Advertising, each router broadcasts link-state
information (about its neighbors) to all other routers in the AS. The LSA is a short update packet called
a Link state Packet (LSP) which contains the following information: 1. The ID of the node that created
the LSP 2.A list of directly connected neighbors of that node, with the cost of the link to each one 3.A
sequence number 4.A time to live for this packet. The first two help route calculation; the last two
make the process of flooding more reliable. The router broadcasts LSA whenever there is a change in
a link’s state. It also broadcasts a link’s state periodically, even if the link’s state has not changed.

Link State Database (topological database): Every router receives every LSP and then prepares a
database known as Link State Database, which represents a complete network topology. Because
every router receives the same LSPs, every router builds the same database.

Route Calculation: Every router uses this database to calculate the best route to each destination
(routing table) using Dijkstra’s shortest-path algorithm.

Example: How OSPF Works

Step 1: Network topology and OSPF

Neighbor Discovery

Step 2: OSPF LSA Flooding Process: Each router floods LSAs i.e. information its directly connected
links and costs. Initial LSAs Sent by Each Router are as follows:
 R1 → LSA: {R1 - R2 (3), R1 - R3 (4)} R2 → LSA: {R2 - R1 (3), R2 - R4 (6)}
 R3 → LSA: {R3 - R1 (4), R3 - R5 (2)} R4 → LSA: {R4 - R2 (6), R4 - R5 (5)}
 R5 → LSA: {R5 - R3 (2), R5 - R4 (5)}
Step 3: Constructing Link-State Databases (LSDBs): Each router builds an identical LSDB after
receiving all LSAs. For example, after LSA flooding, each router has the full topology:
Router Link-State Database Entries
R1 R1-R2 (3), R1-R3 (4), R2-R4 (6), R3-R5 (2), R4-R5 (5)
R2 R1-R2 (3), R1-R3 (4), R2-R4 (6), R3-R5 (2), R4-R5 (5)
R3 R1-R2 (3), R1-R3 (4), R2-R4 (6), R3-R5 (2), R4-R5 (5)
R4 R1-R2 (3), R1-R3 (4), R2-R4 (6), R3-R5 (2), R4-R5 (5)
R5 R1-R2 (3), R1-R3 (4), R2-R4 (6), R3-R5 (2), R4-R5 (5)

Step 4: Running Dijkstra’s Algorithm for Each Router:

Path vector routing

The Internet is made up of many independent networks or ASes (Autonomous Systems). AS is a
group of networks under single administrative control that can be the Internet Service Provider (ISP)
or a large Enterprise Organization. Every AS has a globally unique 16-bit number--AS Number (ASN).
There are di erent types of AS. 1. Stub AS-has only one connection to another AS. And it can be either
a source or sink. 2. Multihomed AS-has more than one connection to the other ASes and can be either
a source or sink. 3. Transit AS-Same as Multihomed AS and allows transient tra ic.
Interdomain routing protocol or exterior gateway routing protocol: Within a single AS, OSPF and
IS-IS protocols are commonly used. However, to route a packet across multiple domains (ASes), it
needs coordination among multiple ASes that must run the same inter-domain/(AS) routing protocol.
In the Internet, all ASs run the same inter-domain routing protocol, called the Border Gateway
Protocol (BGP). It is the protocol that keeps the thousands of ISPs in the Internet together.
Role of BGP: Consider an AS and an arbitrary router in that AS. Every router has a forwarding table,
which plays the central role in the process of forwarding arriving packets to outbound router links. For
destinations that are within the same AS, the entries in the router’s forwarding table are determined
by the AS’s intra-AS routing protocol. But what about destinations that are outside of the AS? This is
precisely where BGP comes to the rescue.
CIDRized routing in BGP: In BGP, packets are not routed to a specific destination address, but
instead to CIDRized prefixes, with each prefix representing a subnet. In the world of BGP, a destination
may take the form 138.16.68/22, which for this example includes 1,024 IP addresses. Thus, a router’s
forwarding table will have entries of the form (x, I), where x is a prefix (such as 138.16.68/22) and I is
an interface number for one of the router’s interfaces.
Internetwork of ASes: In the Figure below, the network has three autonomous systems: AS1, AS2,
and AS3. The AS3 includes a subnet with prefix x. For each AS, each router is either a gateway router
or an internal router. A gateway router is a router on the edge of an AS that directly connects to one or
more routers in another ASs. An internal router connects only to hosts and routers within its own AS.
In AS1, e.g. router 1c is a gateway router; routers 1a, 1b, and 1d are internal routers.
BGP messages: In BGP, pairs of routers uses four message types: OPEN, UPDATE, NOTIFICATION,
and KEEPALIVE to establish, maintain, and exchange routing information. OPEN: Establishes and
configures BGP adjacency, including negotiating parameters like Autonomous System (AS) number
and hold time. UPDATE: Advertises, updates, or withdraws routes, carrying Network Layer
Reachability Information (NLRI) and path attributes. NOTIFICATION: Indicates an error condition to
the BGP neighbor, causing the BGP session to close. KEEPALIVE: Ensures the BGP session remains
active by periodically confirming the neighbor's availability.
BGP connections: BGP messages are transmitted through TCP connection on port 179. Each such
TCP connection, along with all the BGP messages sent over the connection, is called a BGP
connection. The BGP connection between two ASs is called an external BGP (eBGP) connection, and
a BGP connection between routers in the same AS is called an internal BGP (iBGP) connection. There
is an eBGP connection between gateway routers 1c and 2a and between gateway routers 2c and 3a.
There are also iBGP connections between routers within each of the ASs. The eBGP connections are
shown with the long dashes; the iBGP connections are shown with the short dashes.
Advertising BGP Route Information: AS advertises all the shortest paths it knows to all its peers to
propagate the reachability information. First, AS3 sends a BGP message to AS2, saying that x exists
and is in AS3; let’s denote this message as “AS3 x”. Then AS2 sends a BGP message to AS1, saying
that x exists and you can get to x by first passing through AS2 and then going to AS3; let’s denote that
message as “AS2 AS3 x”. In this process, gateway router 3a first sends an eBGP message “AS3 x” to
gateway router 2c. Gateway router 2c then sends the iBGP message “AS3 x” to all of the other routers
in AS2, including to gateway router 2a. Gateway router 2a then sends the eBGP message “AS2 AS3 x”
to gateway router 1c. Finally, gateway router 1c uses iBGP to send the message “AS2 AS3 x” to all the
routers in AS1. After this process is complete, each router in AS1 and AS2 is aware of the existence of
x and is also aware of an AS path that leads to x. In this manner, each of the autonomous systems will
not only learn about the existence of x, but also learn about the path of autonomous systems that
lead to x. Thus, BGP is a path vector protocol, where the path is the ASes traversed so far.
Existence of multiple paths: In a real network, from a given router there may be many di erent paths
to a given destination, each through a di erent sequence of ASs. For example, consider the network
in Figure above, with an additional physical link from router 1d to router 3d. In this case, there are two
paths from AS1 to x: the path “AS2 AS3 x” via router 1c; and the new path “AS3 x” via the router 1d.
Determining the Best Routes: In the Internet, routers often receive the reachability information to a
particular destination through dozens of di erent possible paths. How does a router choose among
these paths? Each path has three components: NEXT-HOP; AS-PATH; destination prefix. The AS-PATH
contains the list of ASs through which the advertisement has passed. To generate the AS-PATH value,
when a prefix is passed to an AS, the AS adds its ASN to the existing list in the AS-PATH. For example,
there are two routes from AS1 to subnet x: one which uses the AS-PATH “AS2 AS3”; and another that
uses the AS-PATH “AS3”. The NEXT-HOP is the IP address of the router interface that begins the AS-
PATH. The NEXT-HOP attribute for the route “AS2 AS3 x” from AS1 to x that passes through AS2 is the
IP address of the left interface on router 2a. The NEXT-HOP attribute for the route “AS3 x” from AS1 to
x is the IP address of the leftmost interface of router 3d. To determine the best path, the router locally
runs a BGP path selection procedure routers based on policy as well as the reachability information
such as the local preference, the shortest AS-PATH, the closest NEXT-HOP, the Oldest Path, etc.
BGP: The intradomain protocol routes the packets from the source to the destination. It does not have
to worry about politics. In contrast, interdomain routing protocols have to deal with politics such as
1. Do not carry commercial tra ic on the educational network., 2. Never send tra ic from the
Pentagon on a route through Iraq., 3.. Tra ic starting or ending at Apple should not transit Google, etc.
2.how network-layer components and services are configured and managed  Internet Control
Protocols (ICMP, ARP, DHCP)
ICMP - Internet Control Message Protocol
Limitation of IP: To make e icient use of the network resources, IP was designed to provide
unreliable and connectionless packet delivery. The IP protocol is a best-e ort delivery service that
delivers a packet from its original source to its final destination. The IP has
1. no error-control mechanism. Thus, what happens if a router must discard a packet because it
cannot find a router to the final destination, or because the time-to-live field has zero value?, etc.
In such error situations, the IP protocol has no built-in mechanism to notify the original host.
2. lacks mechanism for host and management queries. A host sometimes needs to determine if a
router or another host is alive. Sometimes a network admin needs info from another host or router.

Internet Control Message Protocol (ICMP) is designed to compensate for these two deficiencies.
1. Commonly, the ICMP is used on network devices, such as routers. When something unexpected
occurs during packet processing at a router, the event is reported to the sender by the ICMP.
2. Another important use of ICMP is that a host can perform network diagnosis by making use of
traceroute and ping utility. Traceroute is used by host to know the route between two devices
connected over the internet. The host learns the number and the identities of routers that lie
between it and the destination host, and the round-trip time between the two hosts. It is performed
to check network issues before data transfer. Ping a simple kind of traceroute used to measure the
time taken by data to reach the destination and return to the source.

ICMP Messages: are divided into two categories: 1.Error reporting Messages: Destination
unreachable, Time exceeded, Source quench, Parameter problems, Redirect. 2.Query Messages:
Echo request and reply, Timestamp request and reply, Address mask request and reply.
Example: Destination unreachable: Host A sends a packet to Host B. Because the R1’s interface
connected to Host B is down, the router sends ICMP Destination unreachable message to Host A.
Source Quench Message: It is a request to decrease the tra ic rate for messages sent to the host or
when receiving host detects that the rate of sending packets (tra ic rate) to it is too fast it sends the
source quench message to the source to slow down so that no packet can be lost.

Echo request and reply: To measure availability, round-trip time, and route through devices, Host
starts the ping utility that sends ICMP Echo Request packets to Server. If the Server is reachable, it
responds with ICMP Echo Reply packets. If Host receives no response, then Server is unreachable.
Address Mask Request and Reply: To determine the subnet mask of its local network; a host
broadcasts Address Mask Request (ICMP-type 17), and a router responds with an Address Mask Reply
(ICMP-type 18) containing the subnet mask.
ICMP Packet Format: The ICMP packet has an 8-byte header and a variable-size data section.

Type (8-bit): It defines the type of ICMP message so that the receiving network would know what kind
of message it is receiving and how to respond to it. Some common message types are: Type 0 – Echo
reply, Type 3 – Destination unreachable, Type 5 – Redirect Message, Type 8 – Echo Request, Type 11 –
Time Exceeded, Type 12 – Parameter problem.
Code (8-bit): Provides additional details about the message type i.e. the reason for the message. For
example, for Type 3 – Destination unreachable, some common codes are: code 0-Net Unreachable,
code 1-Host Unreachable, code 2-Protocol Unreachable, etc.
Checksum (16-bit): It enables the ICMP tool to ensure that complete data is delivered.
Extended Header (32-bit): The next 32 bits of the ICMP header are the Extended Header, which
points out issues in the IP message. Byte locations are identified by the pointer which causes the
problematic message. The receiving device uses this information to pinpoint the issue.
Data: The data section in error messages carries information for finding the original packet that had
the error. It includes the IP header of the original packet plus the first 8 bytes of data in that packet,
as shown in the figure below. In query messages, the data section carries extra information based on
the type of query, no bytes of the original IP are included in the message.
ICMP message encapsulation: Each ICMP message type is encapsulated in an IP packet. ICMP is
often considered part of IP, but architecturally it lies just above IP. That is, ICMP messages are carried
as IP payload, just as TCP or UDP segments are carried as IP payload.
ARP—The Address Resolution Protocol
Although every machine on the Internet has an IP address, it is not su icient for sending packets.
Data link layer NICs do not understand Internet addresses. In the Ethernet, every NIC equipped with
a unique 48-bit Ethernet address. The NICs send and receive frames based on 48-bit Ethernet
addresses. They know nothing at all about 32-bit IP addresses.
How do IP addresses get mapped onto data link layer addresses? Consider a university with two
/24 networks. The CS is a switched Ethernet with prefix 192.32.65.0/24. The EE also switched Ethernet
with prefix 192.32.63.0/24. The two LANs are connected by an IP router. Each machine on an Ethernet
and each interface on the router has a unique Ethernet address, labeled E1 through E6, and a unique
IP address on the CS or EE network.

How does a user on host-1 sends a packet to a user on host-2 on the CS network?
Problem: The sender host-1 knows the IP address for host-2 (192.32.65.5). The network layer on host-
1 constructs a packet with 192.32.65.5 in the Destination address field and this packet is sent to the
Link layer. The Link layer receives the packet and constructs frame by adding frame header and frame
trailer for delivery. Now, when a frame is constructed from an IP packet, the Link layer has no idea
about the Ethernet address of the destination machine. However, it needs some way to find the
destination’s Ethernet address to send the frame.

Solution: A solution is for host-1 to output a broadcast packet onto the Ethernet asking who owns IP
address 192.32.65.5. The broadcast will arrive at every machine on the CS Ethernet, and each one
will check its IP address. Host-2 alone will respond with its Ethernet address (E2). In this way host-1
learns that IP address 192.32.65.5 is on the host with Ethernet address E2. The protocol used for
asking this question and getting the reply is called ARP (Address Resolution Protocol). Almost every
machine on the Internet runs it. At this point, the DLL on host-1 builds an Ethernet frame addressed
to E2, puts the IP packet (addressed to 192.32.65.5) in the payload field, and dumps it onto the
Ethernet. The Ethernet NIC of host-2 detects this frame, recognizes it as a frame for itself. The
Ethernet driver extracts the IP packet from the payload and passes it to the network layer.

How does ARP work?: ARP is a very simple protocol, consisting of merely two basic message types:
1. ARP Request: Host creates ARP request and broadcasts it to the entire local network asking, "Who
has this IP address?" It creates a request ARP message with sender MAC address, sender IP address,
target IP address, and target MAC address is filled with 0 [Broadcast].
2. ARP Reply: All the hosts on the network ignore the ARP Request, except the host which owns that
IP address in the ARP request. Now, this host sends an ARP Reply: "Hey, I have that IP and my MAC
address is [xxx]. It takes an IP address of the sender who sent ARP request and creates a reply ARP
message with own MAC address, own IP address, sender’s IP address, sender’s MAC address [BBB].
Result: The sender of ARP request gets MAC address of the intended receiver. For Example:

Encapsulation of ARP packet: A ARP packet is encapsulated into a datalink layer frame.

ARP Cache: All hosts connected to the network have an ARP table, a short-term memory of all the IP
addresses and MAC addresses that the device has already matched together. The ARP table ensures
that the device doesn't have to repeat ARP Requests for devices it has already communicated with.
How does host-1 send a packet to host-4 (192.32.63.8) on the EE network?
Host-1 sees that the destination IP address is not on the same CS network and knows to send all such
o -network tra ic to the router (known as default gateway). The default gateway is the lowest address
on the network (198.31.65.1). To send a frame to the router, host-1 must still know the Ethernet
address of the router interface on the CS network. It discovers this by sending an ARP broadcast for
198.31.65.1, from which it learns E3. It then sends the frame. The same lookup mechanisms are used
to send a packet from one router to the next over a sequence of routers in an Internet path.

End Router: When the Ethernet NIC of the end-router gets this frame, it gives the packet to the
network layer. It knows from the network masks that the packet should be sent to the EE network
where it will reach host-4. If the end-router does not know the Ethernet address for host-4, then it
uses ARP again. Table lists the source and destination Ethernet and IP addresses that are present in
the frames as observed on the CS and EE networks. The Ethernet addresses change with the frame
on each network while the IP addresses remain constant.

Observation: It is possible to send a packet from host-1 to host-4 without host-1 knowing that host-4
is on a di erent network. The solution is to have the router answer ARPs on the CS network for host-4
and give its Ethernet address, E3, as the response. It is not possible to have host-4 reply directly
because it will not see the ARP request (as routers do not forward Ethernet-level broadcasts). The
router then receives frames sent to 192.32.63.8 and forward them onto the EE network. This solution
is called proxy ARP. It is used in special cases in which a host wants to appear on a network even
though it actually resides on another network.
DHCP—The Dynamic Host Configuration Protocol:
Problem: ARP (as well as other Internet protocols) assumes that hosts are configured with some
parameters (e.g. its own IP address). How hosts get an IP address? Manual configuration: tedious and
error prone. Solution: DHCP can dynamically assign IP addresses to each host on the network.

DHCP components
DHCP client. It is a device that connects to a network and receive network configuration parameters.
It can be a computer, laptop, mobile, or any other device that needs a connection.

DHCP server. With DHCP, every network must have a DHCP server that is responsible for IP
configuration. DHCP server automatically assigns IP addresses from a pool of available addresses to
devices that connect to a network. It also provides additional network configuration parameters,
including subnet mask, IP address of the default gateway, and IP addresses of DNS and time servers.

DHCP relay. If no DHCP server is present on the network, a DHCP relay agent is needed that knows
the address of a DHCP server for that network. It enables communication between DHCP clients and
servers, when a network consists of several subnets. In this case, a DHCP relay enables DHCP server
to provide the necessary information to all of the clients on both the primary network and subnet.

How does DHCP work? When a device/host joins a network (or when device starts), it has a built-in
Ethernet/MAC address embedded in the NIC, but no IP address.
1. DHCP Discover: When a host joins a network, it broadcasts (255.255.255.255) a DHCP Discover
message (for an IP) on its network. If the DHCP server is not directly attached to the network, the
router will be configured to receive DHCP broadcasts and relay them to the DHCP server.
2. DHCP O er: When the server receives the request, it allocates a free IP address and sends it to the
host in a DHCP O er packet (which again may be relayed via the router). It also includes other
network configuration parameters. Since device/host does not have an IP address, the server
identifies a host using its Ethernet address (which is carried in the DHCP Discover packet).
3. DHCP Request: The client responds with a DHCP Request, confirming to use the o ered IP.
4. DHCP Acknowledge: The DHCP server sends a DHCP Acknowledgment, o icially assigning the
IP. The client can now use this IP to communicate on the network.

DHCP Message Encapsulation: Each DHCP message is wrapped in multiple protocol headers
before being transmitted over the network.

1. DHCP Message (Application Layer): DHCP message (e.g. DORA) is formatted at AL.
2. Encapsulation into UDP (Transport Layer): DHCP uses UDP (User Datagram Protocol), with
Source Port: 68 (Client) and Destination Port: 67 (Server).
3. Encapsulation into IP (Network Layer): Source IP: 0.0.0.0 (Client doesn’t have an IP yet) and
Destination IP: 255.255.255.255 (Broadcast) or DHCP server’s IP.
4. Encapsulation into Ethernet Frame (Data Link Layer): Source MAC: Client’s MAC address and
Destination MAC: FF:FF:FF:FF:FF:FF (Broadcast) or DHCP Server's MAC.