
History of Internet protocol:
When early researchers built the framework for the Transmission Control Protocol, they realized the need to specify locations in order to send data from one location to another. Much like the telephone system, a protocol was needed to map numbers to physical devices and to build a logical method for routing traffic from one number to another. This became the Internet Protocol, and its first major version was IPv4. IPv4 was first released in September 1981, and in 1985 methods were introduced to sub-divide IP networks.

Since early networks were designed for researchers to communicate and share ideas, large chunks of addresses were assigned to universities, think tanks and other such organizations. Each block of addresses was broken into two segments, networks and hosts. Networks were assigned to any organization wishing to collaborate and share data across what was becoming the Internet. The network would be reserved for each entity to do with as they pleased. The host part belonged to the network owner and would then be used to put routers, switches, firewalls, servers, workstations and other devices on the Internet.

However, the allocation of addresses was flawed, or rather naive and idealistic. Of the 4.2 billion addresses, it seemed practical to give tens of thousands of addresses to major institutions. As more and more requests were made for additional networks and hosts, it became apparent that a flat structure of networks and hosts, as the only way to divide out the available addresses, would need some enhancement. Subdivision was introduced around 1993, and these techniques became the modern version of IP addresses as we know it, with four groups of three numbers.

What is IP?
The IP address is a four-part number, broken up into sections separated by periods. Each IP address identifies a specific device (a computer, router or smartphone) that connects to the Internet. You could say the IP address is the Social Security Number of each appliance connected to the Internet. No two devices connected to the Internet have the same IP address. IP addresses use numbers ranging from 0 to 255. An IP address is the set of numbers that uniquely identifies a computer or terminal inside or outside a network. Broadly, an IP address has two parts:
i) Host part
ii) Network part

Combining the host part and the network part, an IP address is 32 bits long. The 32 bits are divided into 4 sections of 8 bits each, and the sections are separated by the dot (.) operator, as in X.W.Y.Z = 32 bits. IP is a major protocol of the internet layer. It is a connectionless protocol, which means it does not set up a path. It has no flow control and no error control, and it delivers information on a best-effort basis. When paired with TCP, it behaves as a reliable protocol. It uses asynchronous communication.

Evolution of IPv4:
In 1969, ARPA (Advanced Research Project Agency) of the United States Department of Defense came up with ARPAnet during the Cold War; this was the first packet-switched network. They connected 4 computers on ARPAnet. ARPAnet eventually turned into NSFnet, a network used by the National Science Foundation and primarily used by scientists for research purposes. NSFnet then grew into the modern Internet. ARPAnet initially used NCP (Network Control Program) to establish reliable, flow-controlled, bidirectional communication. In 1983, they decided to replace NCP with TCP as the principal protocol. For many years, TCP had already been used by scientists as an end-to-end delivery protocol, and they decided to split the load to IP. By the time developers started working on the split to create IP, TCP was in Version 3, so the newly developed IP was marked as Version 4. IP version 4 is therefore the first standardized version of the Internet Protocol.

What is ipv4?
In the 1980s, when the Internet went live to the public, IPv4 was the fourth revision of the Internet Protocol, and the first offered to the public. IPv4 is the general standard for delivery of information between devices connected to the Internet. Although the DOD (Department of Defense) also adopted IPv4 as its standard, DARPA has continued to advance the methods used in transferring information between agencies. IPv4 does not guarantee delivery of information between devices. It is built on the best-effort delivery principle. With the advancement of wireless technology, a new protocol called IPv6 may soon become the new IP standard.

IPv4 is the most widely used version of the Internet Protocol. It defines IP addresses in a 32-bit format, which looks like 123.123.123.123. Each three-digit section can include a number from 0 to 255, which means the total number of IPv4 addresses available is 4,294,967,296 (256 x 256 x 256 x 256 or 2^32). Each computer or device connected to the Internet must have a unique IP address in order to communicate with other systems on the Internet. Because the number of systems connected to the Internet is quickly approaching the number of available IP addresses, IPv4 addresses are predicted to run out soon. When you consider that there are over 6 billion people in the world and many people have more than one system connected to the Internet (for example, at home, school, work, etc.), it is not surprising that roughly 4.3 billion addresses is not enough.

To solve this problem, a new 128-bit IP system, called IPv6, has been developed and is in the process of replacing the current IPv4 system. During this transitional process from IPv4 to IPv6, systems connected to the Internet may be assigned both an IPv4 and an IPv6 address.

Mechanism of packet progression:
[Figure: encapsulation of data at the local workstation and forwarding through Router 1]
Local workstation, Application layer: data
Local workstation, Transport layer: TH + data
Local workstation, Network layer: IP header + TH + data (the IP header is applied here, creating an IP datagram)
Local workstation, MAC/Interface layer: MAC header + IP header + TH + data + MAC trailer (sent on LAN 1)
Router 1: WAN header + IP header + TH + data; the packet continues to Router 2

Features of IPv4:
(1) Best effort delivery. Network devices do their best to get the packet to its destination, however there are no guarantees of latency or reliability, only that intermediate nodes will do their "best".
(2) No guarantee of delivery or retransmission. There is no way for a destination to inform the host that it received the packet.
(3) Packets may arrive in different orders than sent. Once the packets go onto the network, they may be sent on completely different routes. There is no way to coordinate that packets arrive in any particular sequence.
(4) Hosts may receive duplicates of packets.

IPv4 functions:
(1) A universal intermediate layer
(2) Routing
(3) Fragmentation and reassembly

Difference between IPv4 and IPv6:
Feature | IPv4 | IPv6
Developed | 1981 | 1999
Address size | 32-bit number | 128-bit number
Address format | Dotted decimal notation: 192.168.1.1 | Hexadecimal notation: 3FFE:F200:0234:AB00:0123:4567:8901:ABCD
Prefix notation | 192.168.0.0/24 | 3FFE:F200:0234::/48
Number of addresses | 2^32 | 2^128

IP Address Concept:
Internet addresses can be symbolic or numeric. The symbolic form is easier to read. The numeric form is a 32-bit unsigned binary value which is usually expressed in a dotted decimal format. For example, 9.167.5.8 is a valid Internet address. The numeric form is used by the IP software. The mapping between the two is done by the Domain Name System.

To be able to identify a host on the internet, each host is assigned an address, the IP address, or Internet Address. When the host is attached to more than one network, it is called multi-homed and it has one IP address for each network interface. The IP address consists of a pair of numbers:

IP address = <network number><host number>

The network number part of the IP address is centrally administered by the Internet Network Information Center (the InterNIC) and is unique throughout the internet. IP addresses are 32-bit numbers usually represented in a dotted decimal form (as the decimal representation of four 8-bit values concatenated with dots). For example, 128.2.7.9 is an IP address with 128.2 being the network number and 7.9 being the host number. The rules used to divide an IP address into its network and host parts are explained below. The binary format of the IP address 128.2.7.9 is:

10000000 00000010 00000111 00001001

IP addresses are used by the IP protocol (see Internet Protocol (IP)) to uniquely identify a host on the internet. IP datagrams (the basic data packets exchanged between hosts) are transmitted by some physical network attached to the host, and each IP datagram contains a source IP address and a destination IP address. To send a datagram to a certain IP destination, the target IP address must be translated or mapped to a physical address. This may require transmissions on the network to find out the destination's physical network address (for example, on LANs the Address Resolution Protocol is used to translate IP addresses to physical MAC addresses).

The first bits of the IP address specify how the rest of the address should be separated into its network and host part. The terms network address and netID are sometimes used instead of network number, but the formal term, used in RFC 1166, is network number. Similarly, the terms host address and hostID are sometimes used instead of host number. There are five classes of IP addresses. These are shown in the figure:

[Figure: the five address classes, bit positions 0 to 31 from left to right]
Class A: 0 | Network | Host
Class B: 1 0 | Network | Host
Class C: 1 1 0 | Network | Host
Class D: 1 1 1 0 | Multicast Address
Class E: 1 1 1 1 0 | Reserved

Two numbers out of each of the class A, class B and class C network numbers, and two host numbers out of every network, are pre-assigned: the all bits 0 number and the all bits 1 number.

Class A addresses use 7 bits for the network number, giving 126 possible networks. The remaining 24 bits are used for the host number, so each network can have up to 2^24 - 2 (16,777,214) hosts.
Class B addresses use 14 bits for the network number and 16 bits for the host number, giving 16382 networks each with a maximum of 65534 hosts.
Class C addresses use 21 bits for the network number and 8 for the host number, giving 2,097,150 networks each with up to 254 hosts.
Class D addresses are reserved for multicasting, which is used to address groups of hosts in a limited area.
Class E addresses are reserved for future use.

It is clear that a class A address will only be assigned to networks with a huge number of hosts, and that class C addresses are suitable for networks with a small number of hosts. However, this means that medium-sized networks (those with more than 254 hosts or where there is an expectation that there may be more than 254 hosts in the future) must use Class B addresses. The number of small- to medium-sized networks has been growing very rapidly in the last few years and it was feared that, if this growth had been allowed to continue unabated, all of the available Class B network addresses would have been used up till. This is termed the IP Address Exhaustion problem.

One point to note about the split of an IP address into two parts is that this split also splits the responsibility for selecting the IP address into two parts. The network number is assigned by the InterNIC and the host number by the authority which controls the network. As we shall see in the next section, the host number can be further subdivided: this division is controlled by the authority which owns the network, and not by the InterNIC.

Understanding classful IP addresses with an example:
Class and bound | Binary | Decimal | Address (first octet in binary) | Address (decimal)
Class A minimum value | 00000000 | 0 | 00000001.H.H.H | 1.H.H.H
Class A maximum value | 11111111 | 255 | 01111111.H.H.H | 127.H.H.H
Class B minimum value | 10000000 | 128 | 10000000.H.H.H | 128.N.H.H
Class B maximum value | 11111111 | 191 | 10111111.H.H.H | 191.N.H.H
Class C minimum value | 11000000 | 192 | 11000000.H.H.H | 192.N.N.H
Class C maximum value | 11011111 | 223 | 11011111.H.H.H | 223.N.N.H

Special IP Addresses:
As noted above, any component of an IP address with a value of all bits 0 or all bits 1 has a special meaning.

All bits 0 stands for this: this host (IP address with <host number>=0) or this network (IP address with <network number>=0), and is only used when the real value is not known. This form is only used in source addresses when the host is trying to determine its IP addresses from a remote server. The host may include its host number if known, but not its subnet or network number.

All bits 1 stands for all: all networks or all hosts. For example, 128.2.255.255 (a Class B address with a host number of 255.255) means all hosts on network 128.2.

There is another address of special importance: the all bits 1 class A network number 127 is reserved for the loop-back address. Anything sent to an address with 127 as the value of the high order byte, for example 127.0.0.1, must not be routed via a network but must be routed directly from the IP implementation's output driver to its input driver.

Static IP address:
A static IP address is a number (in the form of a dotted quad) that is assigned to a computer by an Internet service provider (ISP) to be its permanent address on the Internet. Computers use IP addresses to locate and talk to each other on the Internet, much the same way people use phone numbers to locate and talk to one another on the telephone. When you want to visit subash.com, the computer asks a domain name system (DNS) server (think telephone information operator) for the correct dotted quad number (think phone number) for subash.com, and the computer uses the answer it receives to connect to the subash.com server. If you feel the need to always know what your IP address is, then you need a static IP address, because it is constant.

Static IP addresses are more reliable for Voice over Internet Protocol (VOIP), for hosting a gaming website or playing games, for using a Virtual Private Network for secure access to files on your company network computer, etc. Static IP addresses are also great if you use your computer as a server, as they should give your file server faster file uploads and downloads. Another plus with static IPs: when hosting a website, you are not sharing your IP with another company that sends out a lot of e-mail spam and not only has its website shut down but in turn gets your IP address blacklisted. In contrast, a static IP address can become a security risk, because the address is always the same. Static IPs are easier for data mining companies to track. Static IP addressing is less cost effective than dynamic IP addressing.

Dynamic IP address:
A temporary IP address is called a dynamic IP address. The biggest advantages of dynamic IP addressing are less security risk, as the computer is assigned a new IP address each time the customer logs on; cost effectiveness; and automatic network configuration (the less human intervention with network configuration the better). Dynamic addressing is usually used by ISPs so that one IP address can be assigned to several users; however, some ISPs use sticky dynamic IP addressing and do not change the IP address very often. Dynamic IP addressing can be used by families with several computers or by a small business owner who has a home office. The software that comes with a router allows for Dynamic Host Configuration Protocol (DHCP) setup and assigns each computer attached to the router an IP address automatically. In contrast, dynamic IP addressing should not be used for VOIP, VPN, playing online games or game hosting, because dynamic IP addressing is less reliable than static IP addressing and could cause the service to disconnect while you are using VOIP, VPN or gaming.

IPv4 Datagram structure:
Data transmitted over an internet using IP is carried in messages called IP datagrams. Like all network protocol messages, IP uses a specific format for its datagrams. The IPv4 datagram is conceptually divided into two pieces: the header and the payload. The header contains addressing and control fields, while the payload carries the actual data to be sent over the internetwork. Unlike some message formats, IP datagrams do not have a footer following the payload. Even though IP is a relatively simple, connectionless, unreliable protocol, the IPv4 header carries a fair bit of information, which makes it rather large. At a minimum, it is 20 bytes long, and with options it can be significantly longer.

Header:
The IPv4 packet header consists of 13 fields, of which 12 are required. The 13th field is optional and aptly named: options. The fields in the header are packed with the most significant byte first, and for the diagram and discussion, the most significant bits are considered to come first. The most significant bit is numbered 0, so the version field is actually found in the four most significant bits of the first byte, for example.

Bit offset 0: Version (bits 0-3), Header length (bits 4-7), Differentiated services (bits 8-15), Total length (bits 16-31)
Bit offset 32: Identification (bits 0-15), Flags (bits 16-18), Fragment offset (bits 19-31)
Bit offset 64: Time to live (bits 0-7), Protocol (bits 8-15), Header checksum (bits 16-31)
Bit offset 96: Source address
Bit offset 128: Destination address
Bit offset 160: Options (if header length > 5)
Bit offset 160 or 192+: Data

Version:
The first header field in an IP packet is the four-bit version field. For IPv4, this has a value of 4. Hence the name IPv4.

Internet Header Length (IHL):
The second field (4 bits) is the Internet Header Length (IHL), telling the number of 32-bit words in the header. Since an IPv4 header may contain a variable number of options, this field specifies the size of the header (this also coincides with the offset to the data). The minimum value for this field is 5, which is a length of 5 × 32 = 160 bits. Being a 4-bit value, the maximum length is 15 words (15 × 32 bits) or 480 bits.

Differentiated Services (DS):
Originally defined as the TOS field, this field is now defined by RFC 2474 for Differentiated Services (DiffServ) and by RFC 3168 for Explicit Congestion Notification (ECN), matching IPv6. New technologies are emerging that require real-time data streaming and therefore will make use of the DS field. An example is Voice over IP (VoIP), which is used for interactive data voice exchange.

The original intention of the Type of Service (TOS) field was for a sending host to specify a preference for how the datagram would be handled as it made its way through an internet. For instance, one host could set its IPv4 datagrams' TOS field value to prefer low delay, while another might prefer high reliability. In practice, the TOS field was not widely implemented. However, a great deal of experimental, research and deployment work has focused on how to make use of these eight bits, resulting in the current DS field definition.

As defined in RFC 791, the following eight bits were allocated to a Type of Service (TOS) field:
bits 0-2: Precedence (111 Network Control, 110 Internetwork Control, 101 CRITIC/ECP, 100 Flash Override, 011 Flash, 010 Immediate, 001 Priority, 000 Routine)
bit 3: 0 = Normal Delay, 1 = Low Delay
bit 4: 0 = Normal Throughput, 1 = High Throughput
bit 5: 0 = Normal Reliability, 1 = High Reliability
bit 6: 0 = Normal Cost, 1 = Minimize Monetary Cost (defined by RFC 1349)
bit 7: never defined

Total Length:
This 16-bit field defines the entire datagram size, including header and data, in bytes. The minimum-length datagram is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535, the maximum value of a 16-bit word. The minimum size datagram that any host is required to be able to handle is 576 bytes, but most modern hosts handle much larger packets. Sometimes subnetworks impose further restrictions on the size, in which case datagrams must be fragmented. Fragmentation is handled in either the host or packet switch in IPv4.

Identification:
This field is an identification field and is primarily used for uniquely identifying fragments of an original IP datagram. Some experimental work has suggested using the ID field for other purposes, such as for adding packet-tracing information to datagrams in order to help trace back datagrams with spoofed source addresses.

Flags:
A three-bit field follows and is used to control or identify fragments. They are (in order, from high order to low order):
bit 0: More Fragments (MF)
bit 1: Don't Fragment (DF)
bit 2: Reserved; must be zero.
If the DF flag is set and fragmentation is required to route the packet, then the packet will be dropped. This can be used when sending packets to a host that does not have sufficient resources to handle fragmentation. When a packet is fragmented, all fragments have the MF flag set except the last fragment, which does not have the MF flag set. The MF flag is also not set on packets that are not fragmented: an unfragmented packet is its own last fragment.

Fragment Offset:
The fragment offset field, measured in units of eight-byte blocks, is 13 bits long and specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram. The first fragment has an offset of zero. This allows a maximum offset of (2^13 - 1) × 8 = 65,528 bytes, which would exceed the maximum IP packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548 bytes).

Time To Live (TTL):
An eight-bit time to live (TTL) field helps prevent datagrams from persisting (e.g. going in circles) on the Internet. This field limits a datagram's lifetime. It is specified in seconds, but time intervals less than 1 second are rounded up to 1. With the latencies typical in practice, it has come to be a hop count field. Each packet switch (or router) that a datagram crosses decrements the TTL field by one. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded. Typically, an ICMP message (specifically the time exceeded message) is sent back to inform the sender that it has been discarded. The reception of these ICMP messages is at the heart of how traceroute works.

Protocol:
This field defines the protocol used in the data portion of the IP datagram. The Internet Assigned Numbers Authority maintains a list of protocol numbers which was originally defined in RFC 790. Common protocols and their decimal values are shown below.

Header Checksum:
The 16-bit checksum field is used for error-checking of the header. At each hop, the checksum of the header must be compared to the value of this field. If a header checksum is found to be mismatched, then the packet is discarded. Note that errors in the data field are up to the encapsulated protocol to handle; indeed, both UDP and TCP have checksum fields. Since the TTL field is decremented on each hop and fragmentation is possible at each hop, the checksum has to be recomputed at each hop. The method used to compute the checksum is defined within RFC 1071: the checksum field is the 16-bit one's complement of the one's complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero. In other words, all 16-bit words are summed together using one's complement arithmetic (with the checksum field set to zero). The sum is then one's complemented and this final value is inserted as the checksum field.

For example, use hex 45000030442240008006442e8c7c19acae241e2b (20-byte IP header):
4500 + 0030 + 4422 + 4000 + 8006 + 0000 + 8c7c + 19ac + ae24 + 1e2b = 2BBCF
2 + BBCF = BBD1 = 1011101111010001
one's complement of the sum = 0100010000101110 = 442E
To validate a header's checksum, the same algorithm may be used: the checksum of the header with the checksum field filled in should be a word containing all zeros (value 0).

Source address:
An IPv4 address is a group of four octets for a total of 32 bits. The value for this field is determined by taking the binary value of each octet and concatenating them together to make a single 32-bit value. For example, the address 10.9.8.7 would be 00001010000010010000100000000111. This address is the address of the sender of the packet. Note that this address may not be the true sender of the packet due to network address translation. Instead, the source address will be translated by the NATing machine to its own address. Thus, reply packets sent by the receiver are routed to the NATing machine, which translates the destination address to the original sender's address.

Destination address:
Identical to the source address field but indicates the receiver of the packet.

Options:
Additional header fields may follow the destination address field, but these are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words). The list of options may be terminated with an EOL (End of Options List, 000) option; this is only necessary if the end of the options would not otherwise coincide with the end of the header. The possible options that can be put in the header are as follows:

FIELD | SIZE (BITS) | DESCRIPTION
Copied | 1 | Set to 1 if the options need to be copied into all fragments of a fragmented packet.
Option Class | 2 | A general options category. 0 is for control options and 2 is for debugging and measurement. 1 and 3 are reserved.
Option Number | 5 | Specifies an option.
Option Length | 8 | Indicates the size of the entire option (including this field). This field may not exist for simple options.
Option Data | Variable | Option-specific data. This field may not exist for simple options.

Note: If the Header Length is greater than 5, i.e. it is between 6 and 15, it means that the Options field is present and must be considered.
Note: The Copied, Option Class, and Option Number fields are sometimes referred to as a single eight-bit field, the Option Type.
The use of the LSRR and SSRR options (Loose and Strict Source and Record Route) is discouraged because they create security concerns; many routers block packets containing these options.

Data:
The last field is not a part of the header and, consequently, not included in the checksum field. The contents of the data field are specified in the protocol header field and can be any one of the transport layer protocols. Some of the most commonly used protocols are listed below, including their value used in the protocol field:
1: Internet Control Message Protocol (ICMP)
2: Internet Group Management Protocol (IGMP)
6: Transmission Control Protocol (TCP)
17: User Datagram Protocol (UDP)
89: Open Shortest Path First (OSPF)
132: Stream Control Transmission Protocol (SCTP)
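
The header fields, the checksum rule and the option layout described above, as an added Python example that is not part of the original page: it parses the page's 20-byte sample header, verifies its checksum, and flags the discouraged source-route options. The option numbers 3 (LSRR) and 9 (SSRR) and the single-byte NOP option come from RFC 791 rather than from this page, and the LSRR sample header is constructed here with documentation addresses.

```python
import ipaddress
import struct

# Header bytes quoted in the checksum section of this page (20 bytes, IHL = 5).
PAGE_HEADER = bytes.fromhex("45000030442240008006442e8c7c19acae241e2b")

# Option numbers of the two source-route options, per RFC 791 (assumption:
# the page names LSRR and SSRR but does not list their numbers).
SOURCE_ROUTE = {3: "LSRR", 9: "SSRR"}


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words, folding carries back in (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """Checksum of the header computed with the checksum field set to zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF


def parse_options(raw: bytes) -> list:
    """Split the options area into copied / class / number / data records."""
    options, i = [], 0
    while i < len(raw):
        opt_type = raw[i]
        if opt_type == 0:          # EOL: end of options list
            break
        if opt_type == 1:          # NOP: single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]        # counts the type and length bytes too
        if length < 2 or i + length > len(raw):
            raise ValueError("option length runs past the header")
        options.append({
            "copied": opt_type >> 7,
            "class": (opt_type >> 5) & 0x03,
            "number": opt_type & 0x1F,
            "data": raw[i + 2:i + length],
        })
        i += length
    return options


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header or IHL below 5")
    if len(packet) < ihl * 4:
        raise ValueError("IHL points past the captured bytes")
    header = packet[:ihl * 4]
    total_length = struct.unpack("!H", header[2:4])[0]
    ttl, protocol, checksum = struct.unpack("!BBH", header[8:12])
    options = parse_options(header[20:])
    return {
        "version": version, "ihl": ihl, "total_length": total_length,
        "ttl": ttl, "protocol": protocol, "checksum": checksum,
        "src": str(ipaddress.IPv4Address(header[12:16])),
        "dst": str(ipaddress.IPv4Address(header[16:20])),
        # A header that includes its own checksum sums to 0xFFFF, whose
        # one's complement is the all-zero word the page describes.
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
        "source_route": [SOURCE_ROUTE[o["number"]] for o in options
                         if o["class"] == 0 and o["number"] in SOURCE_ROUTE],
    }


def build_lsrr_sample() -> bytes:
    """Constructed header (documentation addresses) carrying an LSRR option."""
    lsrr = bytes([0x83, 7, 4]) + ipaddress.IPv4Address("198.51.100.1").packed
    options = lsrr + b"\x00"              # EOL pads to a 32-bit boundary
    ihl = 5 + len(options) // 4           # 7 words = 28 bytes
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 1, 0,
                         64, 17, 0,
                         ipaddress.IPv4Address("192.0.2.10").packed,
                         ipaddress.IPv4Address("203.0.113.5").packed) + options
    return header[:10] + struct.pack("!H", header_checksum(header)) + header[12:]


if __name__ == "__main__":
    for name, pkt in (("page header", PAGE_HEADER),
                      ("LSRR sample", build_lsrr_sample())):
        print(name, parse_ipv4_header(pkt))
```

Changing any header byte without recomputing the checksum, such as decrementing the TTL, makes `checksum_ok` false, which is why the checksum is recomputed at each hop.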

Subnets:
Due to the explosive growth of the Internet, the use of assigned IP addresses became too inflexible to allow easy changes to local network configurations. These changes might occur when:
A new physical network is installed at a location.
Growth of the number of hosts requires splitting the local network into two or more separate networks.

To avoid having to request additional IP network addresses in these cases, the concept of subnets was introduced. The host number part of the IP address is sub-divided again into a network number and a host number. This second network is termed a sub-network or subnet. The main network now consists of a number of subnets and the IP address is interpreted as:

<network number><subnet number><host number>

The combination of the subnet number and the host number is often termed the local address or the local part. Sub-netting is implemented in a way that is transparent to remote networks. A host within a network which has subnets is aware of the sub-netting, but a host in a different network is not; it still regards the local part of the IP address as a host number.

The division of the local part of the IP address into subnet number and host number parts can be chosen freely by the local administrator; any bits in the local part can be used to form the subnet. The division is done using a subnet mask, which is a 32-bit number. Zero bits in the subnet mask indicate bit positions ascribed to the host number, and ones indicate bit positions ascribed to the subnet number. The bit positions in the subnet mask belonging to the network number are set to ones but are not used. Subnet masks are usually written in dotted decimal form, like IP addresses. The special treatment of all bits zero and all bits one applies to each of the three parts of a sub-netted IP address just as it does to both parts of an IP address which has not been sub-netted.

For example, a sub-netted Class B network, which has a 16-bit local part, could use one of the following schemes:
The first byte is the subnet number, the second the host number. This gives us 254 (256 minus 2, with the values 0 and 255 being reserved) possible subnets, each having up to 254 hosts. The subnet mask is 255.255.255.0.
The first 12 bits are used for the subnet number and the last four for the host number. This gives us 4094 possible subnets (4096 minus 2) but only 14 hosts per subnet (16 minus 2). The subnet mask is 255.255.255.240.

There are many other possibilities. While the administrator is completely free to assign the subnet part of the local address in any legal fashion, the objective is to assign a number of bits to the subnet number and the remainder to the local address. Therefore, it is normal to use a contiguous block of bits at the beginning of the local address part for the subnet number, because this makes the addresses more readable (this is particularly true when the subnet occupies 8 or 16 bits). With this approach, either of the subnet masks above is a good mask, but masks like 255.255.252.252 and 255.255.255.15 are not.

There are two types of subnetting:
Static subnetting
Variable length subnetting

Static Subnetting:
Static subnetting means that all subnets in the subnetted network use the same subnet mask. This is simple to implement and easy to maintain, but it implies wasted address space for small networks. For example, a network of four hosts that uses a subnet mask of 255.255.255.0 wastes 250 IP addresses. It also makes the network more difficult to reorganize with a new subnet mask.

Variable Length Subnetting:
When variable length subnetting is used, the subnets that make up the network may use different subnet masks. A small subnet with only a few hosts needs a subnet mask that accommodates only these few hosts. A subnet with many hosts attached may need a different subnet mask to accommodate the large number of hosts. The possibility to assign subnet masks according to the needs of the individual subnets will help conserve network addresses. Also, a subnet can be split into two parts by adding another bit to the subnet mask. Other subnets in the network are unaffected by the change.

Not every host and router supports variable length subnetting. Only networks of the size needed will be allocated, and routing problems will be solved by isolating networks with routers that support variable subnetting. A host that does not support this kind of subnetting would have to route to a router that supports variable subnetting. Variable length subnetting is the more flexible of the two. Which type of subnetting is available depends upon the routing protocol being used; native IP routing supports only static subnetting, as does the widely used RIP protocol. However, RIP Version 2 supports variable length subnetting as well. Currently, almost every host and router supports static subnetting.

Mixing Static and Variable Length Subnetting:
At first sight, it appears that the presence of a host which only supports static subnetting would prevent variable length subnetting from being used anywhere in the network. Fortunately this is not the case. Provided that the routers between subnets with different subnet masks are using variable length subnetting, the routing protocols employed are able to hide the difference between subnet masks from the hosts in a subnet. Hosts can continue to use basic IP routing and offload all of the complexities of the subnetting to dedicated routers.
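
The classful split and the subnet mask rules described above, as an added Python example that is not part of the original page: it determines the address class from the leading bits, rejects masks whose subnet bits are not a contiguous leading block, and counts subnets and hosts with the all-zeros and all-ones values excluded. The function names are hypothetical; the sample networks and masks are the ones quoted on this page.

```python
import ipaddress


def address_class(addr: str):
    """Return (class letter, network-number width in bits including class bits)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if (first_octet & 0x80) == 0x00:
        return "A", 8
    if (first_octet & 0xC0) == 0x80:
        return "B", 16
    if (first_octet & 0xE0) == 0xC0:
        return "C", 24
    if (first_octet & 0xF0) == 0xE0:
        return "D", None       # multicast: no network/host split
    return "E", None           # reserved


def mask_is_contiguous(mask: str) -> bool:
    """True when the mask is a run of ones followed only by zeros."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A block of trailing ones plus one is a power of two, so the AND is zero.
    return (inverted & (inverted + 1)) == 0


def subnet_plan(network: str, mask: str) -> dict:
    """Interpret a classful network and subnet mask the way the page does."""
    cls, net_bits = address_class(network)
    if net_bits is None:
        raise ValueError(f"class {cls} addresses have no host part to subnet")
    if not mask_is_contiguous(mask):
        raise ValueError(f"{mask}: subnet bits are not a contiguous leading block")
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    if prefix < net_bits:
        raise ValueError(f"{mask} is shorter than the class {cls} network number")
    subnet_bits, host_bits = prefix - net_bits, 32 - prefix
    class_mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(network)) & class_mask
    # Subnet numbers of all bits 0 and all bits 1 are reserved, so skip them.
    subnet_ids = [str(ipaddress.IPv4Address(base + (k << host_bits)))
                  for k in range(1, 2 ** subnet_bits - 1)]
    return {
        "class": cls,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": len(subnet_ids),
        # Host numbers of all bits 0 and all bits 1 are reserved as well.
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
        "subnet_ids": subnet_ids,
    }


if __name__ == "__main__":
    for net, mask in (("128.2.0.0", "255.255.255.0"),
                      ("128.2.0.0", "255.255.255.240"),
                      ("193.200.35.0", "255.255.255.224")):
        plan = subnet_plan(net, mask)
        print(net, mask, plan["class"], plan["subnets"], plan["hosts_per_subnet"])
    for bad in ("255.255.252.252", "255.255.255.15"):
        print(bad, "contiguous:", mask_is_contiguous(bad))
```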

A Class C Example:
Suppose an ISP assigns a Class C network address of 193.200.35.0 to an organization (XYZ). We will work through the 11 steps presented above in order to subnet this Class C network.

1. It is determined that XYZ currently needs 2 subnets, with practically no likelihood of adding other subnets in the future. Therefore, we set S (big S) at 2.
2. It is determined that XYZ currently needs at most 25 hosts on any subnet. In the future, subnet size is not expected to pass 30 hosts. Hence, we set H (big H) at 30.
3. To find the smallest integer s such that $2^s - 2 \ge S$, we first rewrite the inequality as $2^s \ge S + 2$. Since S = 2, this becomes $2^s \ge 2 + 2$ or $2^s \ge 4$, so s = 2.
4. To find the smallest integer h such that $2^h - 2 \ge H$, we first rewrite the inequality as $2^h \ge H + 2$. Since H = 30, this becomes $2^h \ge 30 + 2$ or $2^h \ge 32$, so h = 5.
5. XYZ's assigned network address is 193.200.35.0, which begins with 193. Hence XYZ has a Class C network address for which T (big T) is 8.
6. Now we can calculate s + h = 2 + 5 = 7, which does not exceed the value of big T (T = 8). Hence we have a solvable subnetting problem and can proceed to step 7.
7. Since s + h = 2 + 5 = 7, which is not equal to 8 (the value of T), we must carry out step 8.
8. Since s + h = 2 + 5 = 7 is less than T = 8, we have $r = T - s - h = 8 - 2 - 5 = 1$ bit left over to increase the value of either s or h. Since in general XYZ is more likely to run short of subnets rather than hosts on a subnet, we allocate the extra bit to s, incrementing s so that now s = 3. Note that now s + h = 3 + 5 = 8 = T.
9. To determine the custom subnet mask for XYZ's network, we start with the standard (default) subnet mask for Class C (XYZ's network class), which is 255.255.255.0. We will replace the leftmost zero octet in the original subnet mask (i.e., the 0 in 255.255.255.0) with a new octet that will extend the subnetwork ID into the host ID. Calculate the new value for the original leftmost zero octet as $256 - 2^{8-s}$, which is $256 - 2^{8-3}$ or $256 - 2^5$ or $256 - 32$ or 224. Hence the custom subnet mask for XYZ's network is 255.255.255.224.
10. Now we determine the valid network IDs for the new subnets by identifying the leftmost 0 octet in the original network ID assigned by the ISP. Since this network ID is 193.200.35.0, the leftmost 0 octet (the only 0 octet) is also the rightmost 0 octet. We now add $2^{8-s} = 2^{8-3} = 2^5 = 32$ to this 0 octet to get the new value for the octet in the first subnet ID: 32 + 0 = 32. Thus the network ID for the first subnet is 193.200.35.32. We continue adding $2^{8-s}$ to this octet until we either reach the value of the custom subnet mask (255.255.255.224) or until we have network addresses for $2^s - 2$ subnets (these two conditions are equivalent and so will occur at the same time). In our case, $2^s - 2 = 2^3 - 2 = 8 - 2 = 6$ subnets, so we continue adding $2^{8-s}$ five more times (for a total of six times) as shown below:

Original Network ID (not a valid subnet address since subnet ID is all 0s) | 193.200.35.0
Address for subnet 1 | 193.200.35.32
Address for subnet 2 | 193.200.35.64
Address for subnet 3 | 193.200.35.96
Address for subnet 4 | 193.200.35.128
Address for subnet 5 | 193.200.35.160
Address for subnet 6 | 193.200.35.192
Custom Subnet Mask (not a valid subnet address since subnet ID is all 1s) | 193.200.35.224

11. To determine the valid IP addresses for each subnet, we begin with the network ID for the subnet. Let us start with the first subnet, whose address is 193.200.35.32. To find the first IP address on the subnet, we add 1 to the rightmost octet of the subnet address: 32 + 1 = 33. Thus the first IP address on subnet 1 is 193.200.35.33. We will continue incrementing until we reach 255, or until the next increment would reach two less than the next subnet address, or until we have generated $2^h - 2$ IP addresses (these last two conditions are equivalent and will always occur at the same time). Since in our case h = 5, we can expect $2^5 - 2 = 32 - 2 = 30$ IP addresses per subnet. The valid IP addresses for subnet 1 are shown in the following table:
Subnet 1 Address # | IP Address
1 | 193.200.35.33
2 | 193.200.35.34
3 | 193.200.35.35
4 | 193.200.35.36
5 | 193.200.35.37
6 | 193.200.35.38
7 | 193.200.35.39
8 | 193.200.35.40
9 | 193.200.35.41
10 | 193.200.35.42
11 | 193.200.35.43
12 | 193.200.35.44
13 | 193.200.35.45
14 | 193.200.35.46
15 | 193.200.35.47
16 | 193.200.35.48
17 | 193.200.35.49
18 | 193.200.35.50
19 | 193.200.35.51
20 | 193.200.35.52
21 | 193.200.35.53
22 | 193.200.35.54
23 | 193.200.35.55
24 | 193.200.35.56
25 | 193.200.35.57
26 | 193.200.35.58
27 | 193.200.35.59
28 | 193.200.35.60
29 | 193.200.35.61
30 | 193.200.35.62

Note: If we increment the last octet of the 30th IP address we get 63, which is one less than the network ID for the next subnet. Hence 193.200.35.62 is indeed the final IP address on subnet 1. The IP addresses for the remaining 5 subnets can be found in a similar manner.
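The same procedure carried through for all six subnets, as an added example that is not part of the original document. The function names are assumptions made for the illustration, the code covers only the Class C case (T = 8) worked above, and each subnet is cross-checked against Python's standard ipaddress module.

```python
import ipaddress

T = 8  # host bits available in a Class C address, as in the XYZ example


def min_bits(count):
    """Smallest n with 2**n - 2 >= count (steps 3 and 4)."""
    for n in range(1, T + 1):
        if 2 ** n - 2 >= count:
            return n
    raise ValueError(f"{count} does not fit in {T} bits")


def plan_class_c(network_id, S, H):
    """Return the custom mask and the usable subnets for a Class C network."""
    s, h = min_bits(S), min_bits(H)
    if s + h > T:                       # step 6: not a solvable problem
        raise ValueError(f"s + h = {s + h} exceeds T = {T}")
    s += T - s - h                      # step 8: leftover bits go to s
    step = 2 ** (8 - s)                 # spacing between subnet IDs
    base = ipaddress.IPv4Address(network_id)
    mask = ipaddress.IPv4Address("255.255.255.0") + (256 - step)  # step 9
    subnets = []
    # Step 10: the all-0s and all-1s subnet IDs are skipped, which leaves
    # 2**s - 2 subnets.
    for k in range(1, 2 ** s - 1):
        subnet_id = base + k * step
        hosts = [subnet_id + i for i in range(1, step - 1)]       # step 11
        # Cross-check against the standard library's view of the same block.
        net = ipaddress.ip_network(f"{subnet_id}/{32 - h}")
        assert hosts == list(net.hosts())
        subnets.append({"id": str(subnet_id), "first": str(hosts[0]),
                        "last": str(hosts[-1]), "count": len(hosts)})
    return {"s": s, "h": h, "mask": str(mask), "subnets": subnets}


if __name__ == "__main__":
    plan = plan_class_c("193.200.35.0", S=2, H=30)
    print("mask", plan["mask"])
    for net in plan["subnets"]:
        print(net["id"], net["first"], "-", net["last"], net["count"], "hosts")
```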

INTERNET CONTROL MESSAGE PROTOCOL (ICMP): Internet Control Message Protocol (ICMP) is used to communicate specific information between hosts about network or communications problems. Ping was designed to use ICMP in a heterogeneous local area network environment to determine the round trip time and availability of a remote host. Ping was never intended for use in the general Internet, but it is the most commonly used network troubleshooting tool available.

Words, as always, pose a problem. When people talk about TCP/IP protocols, they say that the Internet is based on them. Now, this is a misnomer for the very simple reason that when people say that the Internet is based on TCP/IP, what they really mean is the Internet Protocol suite, of which TCP and IP are two components. There is also another extremely important component called ICMP, the Internet Control Message Protocol. Now, a protocol is nothing but a set of rules. Within the Internet Protocol, data is carried by TCP, UDP etc. We however also need something to tell us whether the part of the Internet we are connected to or want to access is in working condition or not. This is done by ICMP. Thus all that ICMP does is perform diagnostic tasks on the Internet, and it is not used to carry any data. In this sense, the structure of ICMP is a lot like IP. In fact, ICMP is always carried by IP, encapsulated within the IP data packets:

IP header | ICMP messages (the IP payload)

Normally ICMP is used and implemented more in routers than in individual computers on the Internet. On the other hand, TCP is implemented in the individual computers and not in routers. ICMP is an extremely simplistic protocol. The first four bytes of any ICMP message always have the same format. The rest of the message depends upon the version of IP being used. ICMP is closely tied to IP. The new version of IP, IPv6, has a completely new ICMP protocol. The reason ICMP changes with every version of IP is because it deals with IP and routing error messages most of the time and when the base technology evolves, ICMP has to mutate to keep up.

The ICMP protocol is quite simple. In the present format the first byte is a number that tells us the Type of the ICMP packet. The second byte is called Code. From a combination of Type and Code, we can determine the exact nature of any problem on the Internet. These two bytes are followed by two bytes used for Checksum, which is calculated taking into account the entire ICMP packet.

The best way to understand ICMP is to understand the working of two programs which we wrote using ICMP. These programs are called Ping and Traceroute. The Ping program first creates a normal healthy IP header and it adds the ICMP headers to that. The Protocol field in the IP header is set to 1 to indicate that the packet is an ICMP datagram. The ICMP header looks like this:

Type | Code | Checksum
Id no | Sequence no
Optional data for the type

PING: In a Ping program, the first ICMP packet starts off with an 8, which stands for 'Echo Request'. This means we're asking the destination server to Echo the packet back to us when it receives it. In this way we can both time the packet and check the reliability of the link. This first byte is known as the Type Field. The next byte is a zero and stands for the Code. After that come two bytes for the Checksum and right after that come another two bytes for the Identification number. The ID has to be unique. The next two bytes constitute the Sequence Number. Finally, we can add any optional data if we so desire. The data added will be echoed back to us so that we can check the reliability of the line.

The optional data must not be more than 64 KB in size or the machine at the other end may hang! This is known as the Ping of Death and it occurs when we send more than 64 KB of data (the upper limit specified in the ICMP RFC). The extra data we send exceeds the size of the buffers and often ends up overwriting other information in memory. This causes the machine at the other end to do all sorts of strange and interesting things! This programming bug is specific to certain Operating Systems only.

Once we're through creating both the headers and the packet, we shoot it across to the router or server we want to test. If the machine at the other end is up, it responds immediately. When it receives an ICMP Echo Request, it'll respond with an ICMP Echo Reply. While generating the reply, the computer will simply swap the source and destination IP addresses in the IP header and replace the 8 in the ICMP Type Field with a 0 (for Echo Reply). It'll then slap in the optional data it's received (if any) and recalculate all the checksums. The reply will then be shot back to us. When we receive the packet, we store the time and compare that with the time the Echo Request was sent. In this way we can calculate the round trip time of the packet. We can also check the data for changes and gauge the dependability of the link.
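The Echo Request and Echo Reply messages described above, built and checked in memory, as an added example that is not code from the original document. The function names and the sample data are constructed for the illustration, and the size bound assumes a 20-byte IP header inside a 65535-byte IPv4 datagram; the receiver validates length and checksum before using any field, which is the check whose absence the oversized-ping bug relies on.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
# Assumption: an IPv4 datagram is at most 65535 bytes and its header takes
# 20 bytes (no options), which bounds the size of the ICMP message.
MAX_ICMP_LEN = 65535 - 20


def checksum(data):
    """One's-complement sum of 16-bit words over the entire ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type, ident, seq, data=b""):
    """Type, Code (0), Checksum, Id, Sequence, then the optional data."""
    zeroed = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + data
    return struct.pack("!BBHHH", msg_type, 0, checksum(zeroed), ident, seq) + data


def parse_echo(message):
    """Validate size and checksum before trusting any field."""
    if not 8 <= len(message) <= MAX_ICMP_LEN:
        raise ValueError(f"ICMP message length {len(message)} out of range")
    if checksum(message) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "data": message[8:]}


def make_reply(request):
    """What the far end does: turn the 8 into a 0, keep id, sequence, data."""
    req = parse_echo(request)
    if req["type"] != ECHO_REQUEST:
        raise ValueError("not an Echo Request")
    return build_echo(ECHO_REPLY, req["id"], req["seq"], req["data"])


def reply_matches(request, reply):
    """The sender's check that the reply echoes what was sent."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == ECHO_REPLY and
            (rep["id"], rep["seq"], rep["data"]) ==
            (req["id"], req["seq"], req["data"]))


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"constructed sample data")
    reply = make_reply(request)
    print(request.hex(), reply.hex(), reply_matches(request, reply))
```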

Traceroute: A traceroute is just a modified Ping program. There is a one byte field in the IP header called the Time To Live or TTL. This field holds the largest number of routers that particular packet can meet on the way to its destination. This field was implemented to make sure that a packet that went AWOL wouldn't end up wandering the Internet forever. So if the value of the TTL is 10, then the packet sees only 9 routers. That's because each router decrements the value in the TTL field and when the ninth router gets the packet, it decrements the TTL by one (1-1=0) and then discards it when it sees that the TTL is zero. When the packet is discarded, the router sends us a 'TTL Expired' ICMP error message (the Type Field is 11).

If we were to set the TTL to 1 and then dispatch a packet to a server like www.nccs.com, it'll be dropped by the first router in its path (TTL - 1=0). That router will then send us a TTL Expired message. From that error message we can discover the identity (the IP address) of the router and from the IP address we can get the name of that machine. The next packet we send will have a TTL of 2 and will be dropped by the second router, which will then dispatch an error message and so on till the packet reaches the server. The server will see that the ICMP packet is an Echo Request and it'll send us an Echo Reply. In this way we can trace the exact route our packets will take to and fro from a certain site. The bytes received when we generated the packet explain all that there is to understand traceroute.

Address Resolution Protocol (ARP): The address resolution protocol (ARP) is a protocol used by the Internet Protocol (IP), specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol operates below the network layer as a part of the interface between the OSI network and OSI link layer. It is used when IPv4 is used over Ethernet.

The term address resolution refers to the process of finding an address of a computer in a network. The address is resolved using a protocol in which a piece of information is sent by a client process executing on the local computer to a server process executing on a remote computer. The information received by the server allows the server to uniquely identify the network system for which the address was required and therefore to provide the required address. The address resolution procedure is completed when the client receives a response from the server containing the required address.

There are four types of ARP messages that may be sent by the ARP protocol. These are identified by four values in the operation field of an ARP message. The types of message are:
1. ARP request
2. ARP reply
3. RARP request
4. RARP reply
Operation Flow:

When a device needs to send an IP packet to another device on the local network, the IP software will first check to see if it knows the hardware address associated with the destination IP address. If it is found, then the sender simply transmits the data to the destination. However, if the destination system's hardware address is not known, then the IP software has to locate it before any data can be sent. At this point, IP will call on ARP to locate the hardware address of the destination system. ARP achieves this task by issuing a low level broadcast onto the network, requesting that the system that is using the specified IP address respond with its hardware address. If the destination system is powered up and on the network, it will see this broadcast (as will all of the other devices on the local network), and it will return an ARP response back to the original system. Note that the response is not broadcast back onto the network, but is instead sent directly to the requesting device.
ARP structure:

ARP packets work at the data-link layer, the same as IP packets. As such, ARP packets are completely separate from IP packets; they even have a different protocol ID of 0806, instead of 0800 as used with IP. ARP packets contain several fields, although only five of them are actually used to provide ARP's functionality.

Field | Usage
Source Hardware address | The hardware address of the sender's device
Source IP address | The network address of the sender's device
Destination Hardware address | The hardware address of the receiver's device (when this field is unknown ARP sets it to all-zero)
Destination IP address | The network address of the receiver's device
Message-Type | Indicates whether the current ARP packet is a request or a response to a request

ARP Request:

When a device is sending an ARP request, it fills in three of the four address-related fields, providing its own hardware and IP address, as well as the IP address of the target. The destination hardware address is not yet known, so that field is filled with zeros. In addition, it will set the message type to indicate that the current packet is an ARP request, and then broadcast the request onto the local network for all devices.
ARP Reply:

All of the local devices should monitor the network for ARP broadcasts, and whenever they see a request for themselves they should generate a response packet and send it back to the requesting system. The response packet will consist of the local device's IP address of the original sender. The response will also be marked as such, with the message-type field indicating that the current packet is an ARP response. The new ARP packet is then unicast directly to the original requester, where it is received and processed.

ARP operation:

REVERSE ADDRESS RESOLUTION PROTOCOL (RARP): RARP is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (Media Access Control, or MAC) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine, which can store it for future use.

A reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network. The RARP message format is very similar to the ARP format. When the booting computer sends the broadcast ARP request, it places its own hardware address in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill in the correct sending and receiving IP addresses in its response to the message. This way, the booting computer will know its IP address when it gets the message from the RARP server.

A RARP request packet is usually generated during the booting sequence of a host. A host must determine its IP address during the booting sequence. The IP address is needed to communicate with other hosts in the network. When a RARP server receives a RARP request packet, it performs the following steps:
1. The MAC address in the request packet is looked up in the configuration file and mapped to the corresponding IP address.
2. If the mapping is not found, the packet is discarded.
3. If the mapping is found, a RARP reply packet is generated with the MAC and IP address. This packet is sent to the host which originated the RARP request.

When a host receives a RARP reply packet, it gets its IP address from the packet and completes the booting process. This IP address is used for communicating with other hosts until it is rebooted. The length of a RARP request or a RARP reply packet is 28 bytes. The 'operation' field in the RARP packet is used to differentiate between a RARP request and a RARP reply packet. In a RARP request packet, the source and destination IP address values are undefined. In a RARP reply packet, the source IP address is the IP address of the RARP server responding to the RARP request and the destination IP address is the IP address of the host that sent the said RARP request.

Since a RARP request packet is a broadcast packet, it is received by all the hosts in the network. But only a RARP server processes a RARP request packet; all the other hosts discard the packet. The RARP reply packet is not broadcast; it is sent directly to the host which sent the RARP request. If more than one RARP server responds to a RARP request, then only the first RARP reply received is used. All other replies are discarded. If a RARP reply is not received within a reasonable amount of time, the host which sent the RARP request will not be able to complete its booting sequence. Usually, the host will retry sending the RARP request after a timeout period.
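The ARP request/reply exchange and the three RARP server steps described above, packed into the 28-byte message layout, as an added example that is not part of the original document. The function names, MAC addresses and 192.0.2.x addresses are constructed for the illustration, and the undefined IP fields of a RARP request are filled with zeros as an assumption.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY, RARP_REQUEST, RARP_REPLY = 1, 2, 3, 4
# Hardware type, protocol type, two address lengths, operation, then the
# four address fields: 28 bytes for Ethernet and IPv4.
LAYOUT = "!HHBBH6s4s6s4s"
ZERO_MAC, ZERO_IP = bytes(6), bytes(4)
FIELDS = ("op", "src_mac", "src_ip", "dst_mac", "dst_ip")


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def pack_arp(op, src_mac, src_ip, dst_mac, dst_ip):
    return struct.pack(LAYOUT, 1, 0x0800, 6, 4, op,
                       src_mac, src_ip, dst_mac, dst_ip)


def unpack_arp(packet):
    """Reject anything that is not a well-formed Ethernet/IPv4 message."""
    if len(packet) != struct.calcsize(LAYOUT):
        raise ValueError("expected a 28-byte ARP/RARP message")
    htype, ptype, hlen, plen, op, *addrs = struct.unpack(LAYOUT, packet)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or not 1 <= op <= 4:
        raise ValueError("unsupported ARP/RARP header")
    return dict(zip(FIELDS, [op, *addrs]))


def arp_request(my_mac, my_ip, target_ip):
    # The destination hardware address is unknown, so it is all zeros.
    return pack_arp(ARP_REQUEST, my_mac, my_ip, ZERO_MAC, target_ip)


def arp_reply(request, my_mac, my_ip):
    """Answer only a request for our own IP; stay silent otherwise."""
    req = unpack_arp(request)
    if req["op"] != ARP_REQUEST or req["dst_ip"] != my_ip:
        return None
    return pack_arp(ARP_REPLY, my_mac, my_ip, req["src_mac"], req["src_ip"])


def rarp_request(my_mac):
    # Own hardware address in both hardware fields; the IP fields are
    # undefined in a request, so this example fills them with zeros.
    return pack_arp(RARP_REQUEST, my_mac, ZERO_IP, my_mac, ZERO_IP)


def rarp_server(request, table, server_mac, server_ip):
    """Look up the MAC, discard the packet if absent, otherwise reply."""
    req = unpack_arp(request)
    if req["op"] != RARP_REQUEST:
        return None
    assigned = table.get(req["dst_mac"])        # step 1: MAC to IP lookup
    if assigned is None:                        # step 2: no mapping, discard
        return None
    return pack_arp(RARP_REPLY, server_mac, server_ip,   # step 3: reply
                    req["dst_mac"], assigned)
```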
RARP operation:
