3.2. The Network Layer In The Internet

At the network layer, the Internet can be viewed as a collection of subnetworks or Autonomous Systems (ASes) that are connected together. There is no real structure, but several major backbones exist. These are constructed from high-bandwidth lines and fast routers. Attached to the backbones are regional (midlevel) networks, and attached to these regional networks are the LANs at many universities, companies, and Internet service providers (Fig. 5-44).

Fig. 5-44. The Internet is an interconnected collection of many networks.

The glue that holds the Internet together is the network layer protocol, IP (Internet Protocol).

Communication in the Internet works as follows: The transport layer takes data streams and break them up into datagrams usually around 1500 bytes long (in theory, they can be up to 64 Kbytes). Each datagram is transmitted through the Internet, possibly being fragmented into smaller units. When all pieces finally get to the destination machine, they are reassembled by the network layer into the original datagram. This datagram is then handed to the transport layer, which inserts it into the receiving process' input stream.

3.2.1. The IP Protocol

An IP datagram consists of a header part and a text part. The header has a 20 byte fixed part and a variable length optional part (Fig. 5-45). It is transmitted from left to right, with the high-order field of the Version field going first (big endian order).

Fig. 5-45. The IP (Internet Protocol) header.

Meanings of single fields in the IP header:

• Version - version of the protocol the datagram belongs to.
• IHL - length of the header in 32-bit words. The minimum value is 5, the maximum value is 15.
• Type of service - type of service the host wants from a subnet. In practice, current routers ignore this field.
• Total length - the total length of the datagram (65535 bytes maximum).
• Identification - allows the destination host to determine which datagram a newly arrived fragment belongs to. All the fragments of a datagram contain the same Identification value.
• DF - stands for Don't fragment. It is an order to the router not to fragment the datagram because the destination is incapable of putting the pieces back together again (all machines are required to accept fragments of 576 bytes or less).
• MF - stands for More Fragments. All fragments except the last one have this bit set.
• Fragment offset - tells where in the current datagram this fragment belongs. All fragments except the last one in a datagram must be a multiple of 8 bytes, the elementary fragment unit.
• Time to live - a counter used to limit packet lifetimes. In practice, it just counts hops. It must be decremented on each hop. When it hits zero, the packet is discarded and a warning packet is sent back to the source host.
• Protocol - the identification of the protocol the datagram belongs to.
• Header checksum - verifies the header only. It is recomputed at each hop.
• Source address, destination address - indicate the network number and host number.
• Options - provides an escape to allow subsequent versions of the protocol to include information not present in the original design, to permit experiments to try out new ideas. This field is variable length. Each option begins with a 1-byte code identifying the option. Currently five options are defined, but not all routers support them. E.g., Record route option tells the routers along the path to append their IP address to the option field. This allows system managers to track down bugs in the routing algorithms.

Fig. 5-46. IP options.

Every host and router on the Internet has an IP address, which encodes its network number (prefix part of the address) and host number (suffix part of the address). The combination is unique.

All IP addresses are 32 bits long. The format of IP address is in Fig. 5-47. Those machines connected to multiple networks have a different IP address on each network.

Fig. 5-47. IP address formats.

IP addresses can be divided into 5 classes. There are 3 primary classes, A, B, and C, used for host addresses. Class D is used for multicasting which allows delivery to a set of computers. Class E is reserved for future use. The first four bits of an address determine the class to which the address belongs.

The class A format allows for up to 126 networks with 16 million hosts each.

The class B format allows for up to 16382 networks with 64 K hosts each.

The class C format allows for up to 2 million networks with 254 hosts each.

Network numbers on the top level are assigned by the NIC (Network Information Center). For single organizations, the network number are assigned by Internet service providers.

Network addresses are usually written in dotted decimal notation. In this format, each of the 4 bytes is written in decimal, from 0 to 255.

Some addresses have special meaning (Fig. 5-48).

Fig. 5-48. Special IP addresses.

The IP address 0.0.0.0 is used by hosts when they are being booted but is not used afterwards.

All addresses of the form 127.xx.yy.zz are reserved for loopback testing. Packets sent to that address are not put onto the wire; they are processed locally and treated as incoming packets.

3.2.3. Subnets

All the hosts in a network must have the same network numbers. When the number of computers in an organization get bigger or the number of different LANs get bigger, this requirement can cause problems.

The solution to these problems is to allow a network to be split into several parts for internal use but still acts like a single network to the outside world. In the Internet literature, these parts are called subnets (different from subnets as a collections of routers).

The division is done in fact by splitting the host part of the address (e.g., 16 bits in case of B address) into a subnet number (e.g., 6 bits) and a host number (10 bits in our example). This split allows 62 LANs (0 and 255 are reserved), each with up to 1022 hosts (Fig. 5-49).

Fig. 5-49. One of the ways to subnet a class B network.

To see how subnets work, it is necessary to explain how IP packets are processed at a router.

Each router has a table listing some number of (network, 0) IP addresses and some number of (this-network, host) IP addresses. The first kind tells how to get to distant networks. The second kind tells how to get to local hosts. Associated with each table is the network interface to use to reach the destination, and certain other information.

When an IP packet arrives, its destination address is looked up in the routing table. If the packet is for a distant network, it is forwarded to the next router on the interface given in the table. If it is a local host (e.g., on the router LAN), it is sent directly to the destination. If the network in the destination address is not present in the router's table, the packet is forwarded to a default router with more extensive tables. So each router has to keep track of other networks and local hosts, not (network,host) pairs.

When subnetting is introduced, the routing tables are changed, adding entries of the form (this-network, subnet, 0) and (this-network, this-subnet, host). Thus a router on subnet k knows how to get to all other subnets and also how to get to all the hosts on subnet k. In fact, all that needs to be changed is to have each router do a Boolean AND with the network's subnet mask (Fig. 5-49) to get rid of the host number and look up the resulting address in its tables (after determining which network class it is). Subnetting reduces router table space by creating a three-level hierarchy.

3.2.4. Internet control protocols

In addition to IP, which is used for data transfer, the Internet has several control protocols used in the network layer, including ICMP and ARP.

3.2.5. The Internet Control Message Protocol

The operation of the Internet is monitored by the routers. When something unexpected occurs, the event is reported by the ICMP (Internet Control Message Protocol).

Each ICMP message is encapsulated in an IP packet. The most important messages are in Fig. 5-50.

Fig. 5-50. The principal ICMP message types.

The more detailed meaning of single messages are as follows:

• DESTINATION UNREACHABLE - a router cannot locate the destination, or a packet with the DF bit cannot be delivered because a "small-packet" network stands in the way.
• TIME EXCEEDED - a packet is dropped due to its router reaching zero.
• PARAMETER PROBLEM - an illegal value has been detected in a header file.
• SOURCE QUENCH - used formerly to throttle hosts that were sending too many packets. Today congestions are solved by another means.
• REDIRECT - a router notices that a packet seems to be routed wrong.
• ECHO REQUEST, ECHO REPLY - messages used to see if a given destination is reachable and alive. Upon receiving an ECHO REQUEST message, the destination is expected to send an ECHO REPLY message back.
• TIMESTAMP REQUEST, TIMESTAMP REPLY - similar to echo messages, except that the arrival time of the message and the departure time of the reply are recorded in the reply. This facility is used to measure network performance.

The ICMP is defined in RFC 792.

3.2.6. The Address Resolution Protocol

The ARP (Address Resolution Protocol), defined in RFC 826, solves the following problem: A computer on a LAN has to send an IP packet with the destination IP address A to a computer on the same LAN (the fact that the computer with the address A is on the same LAN is known from the address A), but it does not know the LAN address of the computer necessary to send a packet directly. So it, using ARP, broadcast packet on the LAN asking: Who owns IP address A? The broadcast will arrive at every machine on the LAN and each one will check its IP address. The host with the IP address A will respond announcing its LAN address. An example is in Fig. 5-51.

Fig. 5-51. Three interconnected class C networks: two Ethernets and an FDDI ring.