
Now that we have got to know various Link layer technologies and have familiarized
ourselves with the principles of IP addressing, let's have a closer look at the Internet layer of
the TCP/IP protocol stack.

The Internet layer is responsible for the addressing, encapsulating and routing of data to be
transmitted.

In this chapter, we will focus on the four most important protocols of this layer. First we will
take a look at the Address Resolution Protocol ARP, and the Internet Protocol IP, together
with its latest version - Internet Protocol version 6 (IPv6). Then we will study the Internet
Control Message Protocol, ICMP, and later on the Internet Group Management Protocol,
IGMP.

But let's start with the Address Resolution Protocol, ARP.

In order to communicate with each other across a network, the hosts must know each other's
hardware address, or MAC address. The mapping of an IP address onto a hardware address
is called address resolution, and is the task of the Address Resolution Protocol (ARP).

The procedure consists of an ARP request and an ARP reply. But we must differentiate
between local and remote computers.

First of all, let's examine the resolution of a local IP address.

As soon as a host tries to communicate with another local host, an ARP request is initiated. If
IP establishes that the IP address is local, the source host scans its internal memory, the ARP
cache, for the destination host's hardware address. If no entry is found, ARP initiates a
request by asking: "Which computer does this particular IP address belong to, and what is its
hardware address?" The request is broadcast over the local network, and each host receiving
the request checks whether the requested IP address agrees with its own. If it doesn't, the
host ignores the request.

But if it agrees, it sends an ARP reply containing its hardware address back to the source
host. Then it updates its ARP cache with the source host's IP and MAC addresses.
Communication is possible as soon as the source host receives the reply.

If a source host wants to send data to the IP address of a host in a remote network, the
source host must first find out the hardware address of the default router. To do this, the
source host sends out an ARP request containing the router's IP address. Thereupon the
default router sends an ARP reply containing its own hardware address back to the source
host. Now the source host can send the data packet to the default router's hardware address.
The packet contains the destination host's IP address. The router looks up this IP address in
its routing table, and uses this information to forward the data packet to the destination host.
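
The exchange described above, as a small simulation added here for illustration (it is not part of the original course text). The `Host` class, the `resolve` function, the dictionary message layout and the 192.0.2.0/24 addresses are assumptions made for the example.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Host:
    """A host with one interface and an ARP cache (IP -> MAC)."""
    def __init__(self, ip, mac, prefix, gateway=None):
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix}")
        self.mac, self.gateway, self.arp_cache = mac, gateway, {}

    @property
    def ip(self):
        return str(self.iface.ip)

    def arp_target(self, dst_ip):
        """Local destination: resolve it directly. Remote: resolve the default router."""
        local = ipaddress.ip_address(dst_ip) in self.iface.network
        return dst_ip if local else self.gateway

    def handle_request(self, req):
        """Ignore requests for other addresses; otherwise cache the asker and reply."""
        if req["target_ip"] != self.ip:
            return None
        self.arp_cache[req["sender_ip"]] = req["sender_mac"]
        return {"op": "reply", "sender_ip": self.ip, "sender_mac": self.mac,
                "target_ip": req["sender_ip"], "target_mac": req["sender_mac"]}

def resolve(src, dst_ip, lan):
    """Return (next-hop MAC, number of ARP requests broadcast) for dst_ip."""
    target = src.arp_target(dst_ip)
    if target in src.arp_cache:            # cache hit: no request is needed
        return src.arp_cache[target], 0
    req = {"op": "request", "sender_ip": src.ip, "sender_mac": src.mac,
           "target_ip": target, "target_mac": BROADCAST}
    for host in lan:                       # broadcast: every other host sees it
        if host is src:
            continue
        reply = host.handle_request(req)
        if reply:
            src.arp_cache[reply["sender_ip"]] = reply["sender_mac"]
            return reply["sender_mac"], 1
    return None, 1                         # no host owns the requested address

# Constructed sample LAN 192.0.2.0/24 with the default router at .1
a = Host("192.0.2.10", "02:00:00:00:00:0a", 24, gateway="192.0.2.1")
b = Host("192.0.2.20", "02:00:00:00:00:0b", 24, gateway="192.0.2.1")
router = Host("192.0.2.1", "02:00:00:00:00:01", 24)
LAN = [a, b, router]
```
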

The most important protocol at the Internet layer is the Internet Protocol, or IP. It is a
connectionless protocol responsible above all for the addressing and routing of packets
between the hosts. Connectionless means the data is transmitted as independent packets.
There is no logical end-to-end connection between the two communicating parties. We can
compare it to the transmission of a telegram. IP is an unreliable protocol, as it does not
guarantee the delivery of a packet. IP functions according to the principle of "Best Effort". This
means it will, in any case, do its best to deliver the packet correctly. On its way to the
receiver, though, a packet might get lost, be delivered out of sequence, be duplicated or held
up.

IP is also responsible for data fragmentation, that means the splitting of large data packets
into smaller ones. The process of putting together the small packets at the receiver is called
reassembling.

No acknowledgement is sent back when the data reaches the destination system. Neither the
sender, nor the receiver are informed if a packet gets lost or is transmitted out of sequence.
This is the responsibility of a higher protocol, like e.g. TCP.

IP is a datagram-switching protocol. This means that each packet is an unnumbered message
requiring no acknowledgement, which is routed across the network based on its unique IP
address.

The IP datagram consists of a header and the payload data. The header's length can vary
between 20 and 60 bytes, and can be incremented in steps of four bytes. It provides various
kinds of information, such as the routing priority of an IP datagram, its size and the payload data
contained.

The payload size varies between 8 and 65,515 bytes. Furthermore, the IP header contains
fields which play a role in fragmentation. If necessary, IP options can also be contained.

Let's zoom in on the IP header.

The IP header is between 20 and 60 bytes long. The last 40 bytes can be filled with IP
options. These are not vital. They are sometimes required for control purposes, and can
provide functions which are not normally contained in an IP header.

The first 20 bytes of the IP header contain information on the Internet Protocol version used,
the IP header's length and the priority of the IP datagram, also called the Type of Service.
They also contain the IP packet's total length including the payload, as well as the
identification field, different flags, and the Fragment Offset.

Furthermore, there is the TTL field, which defines the time to live of a packet. The Protocol
Identifier field defines which higher protocol is included in the IP packet, whereas the Header
Checksum Field contains a checksum on the IP header.

At the end of the header we find the source and the destination IP addresses, as well as the
options and padding bytes we already talked about.

But what purposes do the fields' individual bits and bytes serve?

Let's consider this in greater detail.


The 4 bit long version field defines the IP header version used. We will recall that a 4-bit field
can take on a value from 0 to 15. The current standard is version 4, or IPv4. A newer version
of IP is version 6, or IPv6, which we will discuss later on. All other values in the version field
are left unused.

The header length field is also 4 bits long, and indicates the size of the IP header. Since the
maximum value 4 bits can represent is 15, this field cannot be a byte counter, because even
the shortest header is 20 bytes long, which couldn't be represented. Instead, the number is
represented in 32 bit words, i.e. in blocks of 4 bytes, of which the header consists. A typical IP
header contains no options and is 20 bytes long. Thus the smallest possible block size is 5,
that is 5 times 4 bytes makes 20 bytes.

The maximum size of an IP header with options is 60 bytes, which would be indicated by a
value of 15 in the header length field.

This also means that the header size must always be a multiple of four, and that the options
must be increased in steps of four bytes so they can be shown in 32 bit words.

The type of service field is 8 bits long and indicates the quality of service the routers must use
to forward this datagram. It shows the following structure:

• The 3 bit long priority field indicates the importance of the datagram, i.e. its priority.
• The delay flag indicates normal delay if it is set to 0, or short delay if it is set to 1. If
the delay is set to 1, the routers choose the paths with the lowest delay
characteristics. This could be required if delay-sensitive data like speech, video or an
interactive application is transmitted.
• With the throughput flag it is similar. If it is set to 1, datagrams are routed over the
paths with the highest data throughput. This information helps routers to decide, for
example, whether a high-bandwidth satellite link should be preferred over a terrestrial
link.
• In overload situations the routers use the reliability flag to decide which IP datagrams
should be deleted first. Datagrams with their reliability flag set to 1 are deleted last.
• The minimize cost flag refers to the costs of the transmission. If it is set to 1, the
datagrams are routed over the most inexpensive paths.
• The last bit is always set to 0 and is ignored by the routers.

The total length field is 2 bytes long and indicates the size of the entire datagram, i.e. the
header and the payload. These 16 bits can represent a total length of up to 65,535 bytes.

The two bytes of the identification field identify an IP datagram from source to destination.
The sending host sets the value of this field, and increases it for each subsequent IP
datagram. This identifies the single fragments of an original datagram. The flag bits that follow
include 2 fragmentation flags indicating if this datagram can be fragmented, and whether
further fragments will follow.

The 13 bits of the Fragment Offset indicate the position which the fragment data takes in the
payload of the original IP datagram.

The Time-to-Live, or TTL field determines how many hops an IP datagram can cover before
being deleted by a router.

At each router, the TTL value is decreased by 1. As soon as the value becomes 0, the
datagram is deleted. This prevents the packet from circulating around the network for ever,
causing unnecessary traffic.

The 1 byte long protocol identifier serves to identify the higher level protocol contained in the
payload. Typical values for the protocol field are 6 for TCP, or 17 for UDP. The header
checksum field verifies the integrity of the IP header, leaving out the payload data. The
sending host calculates the checksum, and each router between the source and the
destination checks this field before processing the packet. If the check produces a negative
result, the packet is deleted. Since each router between the source and the destination
decreases the TTL value by 1, the checksum is different at every router. It is computed by
creating a ones complement out of every 16 bits of the header. These complements are
added, and another ones complement is created out of this sum. The result is entered into the
checksum field.

The source- and destination address fields are 4 bytes each, and contain the IP addresses of
the source host and the destination host respectively. The IP header can be extended by 40
bytes of options on security and network management tasks. If the options don't fill a 32 bit
word completely, it must be filled up with padding bits so the length of the IP header can be
inserted into the Header Length Field.
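
The header fields walked through above, decoded by a parser added here as an illustration (not code from the original course text). The checksum is computed as RFC 791 defines it, the one's complement of the one's-complement sum of the header's 16-bit words; `build_header`, `forward` and the sample addresses are constructed for the example.

```python
import struct

def checksum16(data: bytes) -> int:
    """One's complement of the one's-complement sum of 16-bit words (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode and validate the IPv4 header at the start of pkt."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    ver_ihl, tos, total_len, ident, flags_off, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    hdr_len = ihl * 4                       # header length field counts 32-bit words
    if version != 4:
        raise ValueError(f"version {version} is not IPv4")
    if ihl < 5 or hdr_len > len(pkt):
        raise ValueError(f"bad header length field {ihl}")
    if total_len < hdr_len:
        raise ValueError("total length smaller than header length")
    return {
        "header_len": hdr_len, "options": pkt[20:hdr_len], "total_len": total_len,
        "priority": tos >> 5, "delay": tos >> 4 & 1, "throughput": tos >> 3 & 1,
        "reliability": tos >> 2 & 1, "min_cost": tos >> 1 & 1,
        "id": ident, "df": flags_off >> 14 & 1, "mf": flags_off >> 13 & 1,
        "frag_offset": (flags_off & 0x1FFF) * 8,   # field counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # Summing a header that carries a correct checksum leaves 0 after the complement
        "checksum_ok": checksum16(pkt[:hdr_len]) == 0,
    }

def build_header(ttl: int, csum=None) -> bytes:
    """Constructed sample: 20-byte header, delay flag set, DF set, TCP, 192.0.2.1 -> 198.51.100.2."""
    def pack(c):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 40, 0x1C46, 0x4000, ttl, 6, c,
                           bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return pack(checksum16(pack(0)) if csum is None else csum)

def forward(pkt: bytes):
    """Per-hop handling: decrement the TTL, then recompute the header checksum."""
    hdr = bytearray(pkt[:(pkt[0] & 0x0F) * 4])
    if hdr[8] <= 1:
        return None                         # TTL would reach 0: the datagram is deleted
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"                # checksum field is zero while summing
    hdr[10:12] = struct.pack("!H", checksum16(bytes(hdr)))
    return bytes(hdr) + pkt[len(hdr):]
```
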

There are limitations as to the packet size a network can manage. Each network has a
maximum permissible packet size. A packet that exceeds this cannot really be transmitted
over this network.

But even packets exceeding the Maximum Transmission Unit - or MTU, as it is called - can be
sent across the network in question.

For this purpose the datagram's payload is fragmented into smaller packets.

Each of these fragments is provided with a complete IP header and transmitted as an
independent data packet. The fragments can be routed over different paths, and arrive in a
different sequence than they were sent.

The original datagram can be reassembled at the receiver using the flags, the fragment offset,
and the identification.

Let's look at the following example.

Let's look at an IP datagram whose total length is 4,482 bytes - that's 20 bytes of header and
4,462 bytes of payload data. The router which provides the connection between the networks
scans its routing table and detects that the adjacent network only allows packets with a
maximum size of 1,500 bytes.

After that, the router checks the Don't Fragment flag to make sure the datagram can be
fragmented. If the flag is set to 0, the router splits the payload data into 3 fragments of 1,480
bytes each, with 22 bytes left over. Then it places an IP header in front of each packet.

On their route from the sender to the receiver, the fragments are treated like independent
data packets which happen to have the same destination and source address, the same
protocol type ID and fragmentation flags. Since data can be lost on its way from a router to
the receiver, the reassembling of a datagram must be limited in time, to prevent it from
occupying more network resources than necessary. The procedure is controlled by a timer.
The timer is started on the receipt of a fragment, and is set to the initial value each time
another fragment arrives.

The data flow and the reassembly of the original datagram are only maintained if the
fragments are received within a determined, timer-set period. Let's examine this in more
detail.

A fragment with its "more fragments", or MF flag, set to one indicates that not all fragments of
a data packet have been transmitted, and that more fragments should follow. The last
fragment's MF flag is not set. This means that all fragments of the datagram have been
transmitted within the maximum permissible reassembly time, and that the reassembly can be
brought to a successful end. In this case, the datagram is forwarded to the protocol of the
next higher layer.

But it can also happen that, in spite of the last fragment's MF flag being set, no further
fragment is received within the defined, timer-set period. Thus the receiver of the data will
have to assume that, although further fragments are due, they are not going to arrive. It will
conclude that data has got lost on the way. The reassembly is broken off, and the fragments
received up to then are deleted.
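
The 4,482-byte example and the timer-controlled reassembly, worked through in code added here as an illustration (not part of the original course text). The function and class names, the tuple layout of a fragment and the timeout value are assumptions; the fragment offset is expressed in 8-byte units, as the 13-bit field requires, and the timer is checked when a fragment arrives.

```python
def fragment(payload: bytes, ident: int, mtu: int, hdr_len: int = 20, df: int = 0):
    """Split payload into (id, offset in 8-byte units, MF, data) fragments for this MTU."""
    if hdr_len + len(payload) <= mtu:
        return [(ident, 0, 0, payload)]
    if df:
        raise ValueError("Don't Fragment is set and the datagram exceeds the MTU")
    step = (mtu - hdr_len) // 8 * 8         # all but the last fragment carry a multiple of 8
    return [(ident, off // 8, int(off + step < len(payload)), payload[off:off + step])
            for off in range(0, len(payload), step)]

class Reassembler:
    """Reassembly buffer for one datagram with the restartable timer described above."""
    def __init__(self, timeout: float):
        self.timeout, self.deadline = timeout, None
        self.parts, self.total = {}, None   # byte offset -> data; total set by the last fragment

    def add(self, frag, now: float):
        """Return the payload when complete, None while waiting; raise on timeout."""
        _, off, mf, data = frag
        if self.deadline is not None and now > self.deadline:
            self.parts.clear()              # fragments received up to then are deleted
            raise TimeoutError("reassembly timer expired")
        self.deadline = now + self.timeout  # timer restarts with every arriving fragment
        start = off * 8
        if self.parts.get(start) == data:
            return None                     # exact duplicate: nothing new
        for s, d in self.parts.items():
            if start < s + len(d) and s < start + len(data):
                raise ValueError("overlapping fragment rejected")
        self.parts[start] = data
        if not mf:
            self.total = start + len(data)  # MF = 0 marks the end of the datagram
        if self.total is None:
            return None
        pos = 0
        for s in sorted(self.parts):
            if s != pos:
                return None                 # a hole remains: keep waiting
            pos += len(self.parts[s])
        return b"".join(self.parts[s] for s in sorted(self.parts)) if pos == self.total else None

# Constructed sample matching the example above: 4,462 payload bytes, MTU 1,500
SAMPLE = bytes(i % 251 for i in range(4462))
FRAGS = fragment(SAMPLE, ident=0x1C46, mtu=1500)
```
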

Routing, i.e. the process of selecting a path for the packets, takes place both at the sender
and at the router.

Both must decide where the packets are to be forwarded.

To do this, they consult a routing table stored in their databases. The table contains lists of
router interfaces for communication with other networks.

When a route has been selected, the packet is sent on to the next router, and is finally
delivered to the receiver. If no route can be found, a message is sent to the source host. How
a router obtains its routing information depends on whether it supports static or dynamic
routing.

Static routing is an IP function. Static routers require manually established and updated
tables. When a route changes, static routers don't inform each other of the change, and they
don't exchange the information with dynamic routers either. This is also the advantage of
static routing, because this lack of communication reduces the net load considerably. Static
routing is not recommended for large networks, since the administration effort updating the
tables grows disproportionately with the size of the network.

Dynamic routing is a function provided by routing protocols, such as the Routing Information
Protocol (RIP), and Open Shortest Path First (OSPF). Routing protocols operate between
dynamic routers, and exchange paths to known networks at regular intervals. When a route
changes, the other routers are automatically informed of the change.

The advantage of this is easy configuration. The disadvantages are that communication
between the routers increases the net load, and that the routing tables grow considerably, as
each known interface gets an entry.

Version 4 of the Internet Protocol, which is still in use today, has not been changed or
updated much since its development in the 1970s. At that time nobody could foresee the
growth of the Internet, and that the address space of IP version 4 would be exhausted in the
end. Therefore, a new IP version became necessary that would meet the requirements of an
entirely new packet structure.

Thus, IP version 6 has been developed to eliminate the current problems with network
addressing, and to provide sufficient address space in the long term. Let's look at the
characteristics of IP version 6.

IP version 6, or IPv6, disposes of 128 bits of address space, which is four times that of IPv4.
This allows the representation of 3 x 10 to the 38 addresses - enough to supply every square
meter of our planet with 667x10 to the 21 IP addresses.

An IP address is a 16 bit hexadecimal value, subdivided by colons, like

4A3F:AE67:F240:56C4:3409:AE52:440F:1403

Delay sensitive services like speech or video will be assigned a guaranteed bandwidth with a
fixed delay.

Finally, an IPv6 address can be easily extended with extension headers to support a great
variety of functions.

Let's have a closer look at the header.

The first 4 bits indicate the protocol version. The following 8 bits belong to the traffic type and
are used to determine the priority, to guarantee a certain quality of service. The flow label
contains 20 bits. Packets which belong to the datastream of a specific traffic type, are marked
in order to identify the datastream to which they belong. The 16 bits of the payload length
specify the length of the payload transmitted in the packet. The "next header" field determines
the header type that comes directly after the IPv6 header. The hop limits field is one byte long
and determines the number of hops a packet can cover before it is deleted.

The source and the destination address are each 128 bits long, and are situated at the end of
the header.

We can see that the IPv6 header occupies very little space, but nevertheless offers maximum
functionality.
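
The header layout just described, decoded by a parser added here as an illustration (not part of the original course text). The function name, the field values of the sample packet and the destination address are constructed for the example; the source is the address quoted earlier in this section.

```python
import ipaddress
import struct

def parse_ipv6_header(pkt: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 header and check it against the bytes received."""
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-byte IPv6 header")
    word0, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    version = word0 >> 28                      # first 4 bits
    if version != 6:
        raise ValueError(f"version {version} is not IPv6")
    if payload_len > len(pkt) - 40:
        raise ValueError("payload length field exceeds the bytes received")
    return {
        "traffic_class": word0 >> 20 & 0xFF,   # next 8 bits
        "flow_label": word0 & 0xFFFFF,         # remaining 20 bits
        "payload_len": payload_len, "next_header": next_header, "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]).exploded.upper(),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
        "payload": pkt[40:40 + payload_len],
    }

# Constructed sample: traffic class 0xB8, flow label 0x12345, 8 payload bytes,
# next header 17, hop limit 64, destination from the 2001:db8::/32 documentation range.
SAMPLE = (struct.pack("!IHBB", 6 << 28 | 0xB8 << 20 | 0x12345, 8, 17, 64)
          + ipaddress.IPv6Address("4A3F:AE67:F240:56C4:3409:AE52:440F:1403").packed
          + ipaddress.IPv6Address("2001:db8::1").packed
          + b"\x00" * 8)
```
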

Let us examine another protocol of the Internet layer: the Internet Control Message Protocol
ICMP. While IP takes care of IP routing between networks, ICMP sends error- and control
messages on instructions of the IP protocol. ICMP does not try to make IP a reliable protocol.
It merely tries to report errors, and, under certain circumstances, to give feedback.

ICMP messages are transported in IP datagrams, and therefore are not reliable. When a host
transmits datagrams to another host at a certain data rate which fully occupies the router
capacity, the router can send an ICMP Source Quench message and ask for a slowdown of
the transmission speed. The sending host receives the Source Quench message and
consequently reduces the speed with which the datagrams are transported.

ICMP messages are transmitted as datagrams. To do this, an ICMP message consisting of
an ICMP header and the ICMP data is encapsulated with an IP header. The resulting IP
datagram is in turn encapsulated with the header and trailer of the Link layer. The source IP
address field in the header of the ICMP message is set to the router, or to the host interface
that sent out the ICMP message. The destination IP address field is set to the address of the
host that sent out the faulty packet.

Each ICMP message has the same structure, consisting of:

• A Type field, which is 1 byte long and indicates the type of ICMP message.
• A Code field, which is also 1 byte long and determines several possible functions for
a certain type of message.
• The 2 byte Checksum field, which uses the same algorithm IP uses for the IP header
checksum.
• Finally, each ICMP message contains specific data that varies depending on the
ICMP message type.

Here are the most frequently used ICMP message types:

• Echo Reply: this information is sent to the sender of a datagram, and indicates why a
datagram could not be delivered.
• Redirect: the sender receives a Redirect message, indicating the router that is able to
forward the datagram to its destination.
• Source Quench: this message is sent out in overload situations.
• Time Exceeded: this indicates that the message couldn't be reassembled at the
receiver in the given time interval.
• Parameter Problem: this ICMP message is typically triggered by wrong parameters in
the IP options.

The Internet Group Management Protocol (IGMP) informs the router that hosts of a specific
Multicast Group are on a network. This information is passed on to other routers, so that each
router is notified of which host groups are located on which network. IGMP packets are
transported as IP datagrams, and therefore are not reliable.

The structure of the IGMP packets resembles that of the ICMP packets. An IGMP packet
consists of the 4 bit long Version field, which is set to 0001 binary to indicate that IGMP
version 1 is used.

The 4 bit Type field indicates the message type. Type 1, binary 0001, is called a Host
Membership Query and is used by a router to search the network for members of a specified
multicast group. Type 2, binary 0010 is known as the Host Membership Report and is used by
hosts to declare that they are members of a specific group or to reply to a router's Host
Membership Query.

The next field is 1 byte long. It is left unused and padded with zeros by the sender. The
receiver ignores this field. The Checksum field checks the 8 bytes of the IGMP header, using
the known algorithm.

Finally, the 4 bytes of the Group Address field are used by hosts in a Host Membership
Report to store the IP multicast address. In the Host Membership Query it is set to 0 and the
hardware multicast address is used to identify the host group.
