Computer Networks

Network Layer -
Internet Protocol

Prof. Dr. Oliver Hahm

2023-12-08

The Narrow Waist of the Internet

Tasks of the Network Layer:

Inter-Networking
Providing logical addresses
Forwarding packets
Finding the best path \(\rightarrow\) Routing
Devices: Router
Protocols: IPv4 (RFC 791) and IPv6 (RFC 2460)

Addressing

Computer Network Addresses

How many MAC address does your computer have?
How many IP address does your computer have?

Purpose and Format

Addressing in the Network Layer

Physical addresses (\(\rightarrow\) MAC addresses) are bound to a device
\(\Rightarrow\) it is impossible to maintain a logical hierarchy or replace hosts in a transparent manner
Logical addresses are required, which are independent from the specific hardware
- Logical addressing separates the logical position within the network from a physical device

Address Assignment

For local networks manual address assignment is typically not desired, hence mechanisms for address autoconfiguration are required.

Format of IP Addresses

IPv4 addresses have a length of 32 bits (4 bytes)
- Thus, the address space contains \(2^{32} = 4,294,967,296\) possible addresses
IPv6 addresses have a length of 128 bits (16 bytes)
- Thus, the address space contains \(2^{128} = 3.4 * 10^{38}\) possible addresses

Address space = amount of all valid network identifiers

The usual representation of IPv4 uses the dot-decimal notation
e.g., 198.51.100.23 ¹
The usual representation of IPv6 uses the hexadectets (quad-nibbles) seperated by colons
e.g., 2001:0db8:0000:0000:0000:ff00:0042:8329 ²

IPv4 Networks

Network Identifier and Host Identifier

The 32 bits of an IPv4 address are split into
- Network identifier (network ID)
- Host identifier (host ID)
All hosts with an identical network ID are in the same network
How many bits are used for the network ID differs
- The fewer bits are used for the network ID, the more bits remain for the host ID
- \(\Rightarrow\) The more hosts a network may comprise

(Sub)Netmasks

For specifying the network size a (sub-)netmask is required
- All hosts in a network have a netmask assigned
- A network may be further divided by using the first bits of the host as subnet identifier - this process is called subnetting
Structure of the netmask:
- 1-bits indicate, which part of the address space is used for network IDs
- 0-bits indicate, which part of the address space is used for host IDs

Two host IDs are reserved
(i.e., cannot be assigned to network devices):

Network Address: All host ID bits are set to 0 \(\Rightarrow\) reserved to identify the network itself
Broadcast Address: All host ID bits are set to 1 \(\Rightarrow\) reserved for the broadcast address

Netmask Examples

Subnetting Example

Address Classes

Originally, IPv4 addresses were categorized into classes from A to C
- Additionally, the classes D and E for special purposes existed

Class	Prefix	Address range			Network ID	Host ID
A	`0`	0.0.0.0	-	127.255.255.255	7 bits	24 bits
B	`10`	128.0.0.0	-	191.255.255.255	14 bits	16 bits
C	`110`	192.0.0.0	-	223.255.255.255	21 bits	8 bits
D	`1110`	224.0.0.0	-	239.255.255.255	—	—
E	`1111`	240.0.0.0	-	255.255.255.255	—	—

\(2^{7}=128\) class A networks with a maximum of \(2^{24}=16,777,216\) host addresses each
\(2^{14}=16,384\) class B networks with a maximum of \(2^{16}=65,536\) host addresses each
\(2^{21}= 2,097,152\) class C networks with a maximum of \(2^{8} = 256\) host addresses each
Class D contains multicast addresses
Class E is reserved for future purposes and experiments

Drawback of Address Classes

The original intention was to identify physical networks in an unique way via the network ID
Drawbacks of Address Classes:
- It is impossible to dynamically adjust them
- Many addresses are wasted
  - A class C network with 2 devices wastes 253 addresses
  - The address space of class C networks is quite small
  - A class B network with 256 devices wastes \(>\) 64,000 addresses
  - Only 128 class A networks exist
  - Migrating multiple devices to a different network class is complex task
Solution: Logical networks are divided into subnets
- 1993: Introduction of the Classless Interdomain Routing (CIDR)

Syntax of the Classless Interdomain Routing (CIDR)

According CIDR IP address ranges are represented by this notation:
Network address/mask bits
- The number of mask bits indicates the number of 1-bits (prefix) in the subnet mask
The table shows the possible splits of a class C network into subnets

Mask bits (prefix)	`/24`	`/25`	`/26`	`/27`	`/28`	`/29`	`/30`	`/31`	`/32`
Subnet mask	`0`	`128`	`192`	`224`	`240`	`248`	`252`	`254`	`255`
Subnet bits	`0`	`1`	`2`	`3`	`4`	`5`	`6`	`7`	`8`
Subnets IDs	`1`	`2`	`4`	`8`	`16`	`32`	`64`	`128`	`256`
Host bits	`8`	`7`	`6`	`5`	`4`	`3`	`2`	`1`	`0`
Host IDs	`256`	`128`	`64`	`32`	`16`	`8`	`4`	`2`	—
Hosts (maximum)	`254`	`126`	`62`	`30`	`14`	`6`	`2`	`0`	—

Subnets and Routing

Source: Computernetzwerke. Peterson and Davie. dpunkt (2000)

All hosts inside the same subnet have the same subnet mask
If a host wants to transmit a packet, it performs a logical AND operation for its own subnet mask and the destination IP address
- If the result is equal to the subnet address of the sender, the sender learns that the destination is inside the same subnet
- If the result does not match the subnet address of the sender, the packet must be transmitted to a router, which forwards it to another subnet

Private Networks

Private IPv4 Address Spaces

In private networks, it is also required to assign IPs to network devices
- These addresses are not allowed to interfere with global accessible Internet services
Several address spaces exist, containing private IP addresses
- These address spaces are not routed in the Internet

Address space:	10.0.0.0 to 10.255.255.255
CIDR notation:	10.0.0.0/8
Number of addresses:	\(2^{24}\) = 16,777,216

Address space:	172.16.0.0 to 172.31.255.255
CIDR notation:	172.16.0.0/12
Number of addresses:	\(2^{20}\) = 1,048,576

Address space:	192.168.0.0 to 192.168.255.255
CIDR notation:	192.168.0.0/16
Number of addresses:	\(2^{16}\) = 65,536

Network Address Translation (NAT)

Problem: There are not enough public, i.e., globally routable IPv4 addresses for all Internet connected devices
- Therefore, LANs usually use a private IPv4 address space
- How can network devices with a private, i.e., not globally unique IP address communicate with network devices over the Internet?
Solution: Network Address Translation (NAT)
- A local router connecting the private network to the Internet presents itself as the source of IP packets that it forwards from the hosts in the private network to the Internet
- It maintains a lookup table in order to being able to forward incoming replies to the hosts in the private network
- It uses the \(\rightarrow\) ports from the transport layer as a key in this lookup table

Clients X, Y, and Z are inside a network with a private IP address range
Only the router has a globally routable IP address
- It does appear to the outside world as just a network device with a single public IP address and not as a router

Client X sends a request for a web page
- The request (message 1) contains the IP address and port number of X as source addresses and the IP address and port number of the server as destination addresses
The router replaces the IP and port number of the client with its own addresses inside the forwarded request (message 2)

The router stores the mappings between the router ports and the corresponding network devices inside its local NAT table
The reply of the server (message 3) is targeted towards the IP of the router
- The router replaces the address information according to the table and forwards the reply to X (message 4)

With IPv6, NAT is unnecessary because the address space is large enough to allocate globally accessible addresses to all network devices
- However, NAT has advantages for network security because hosts, services, or the Internal network structure are not exposed to the global Internet

Fragmentation

Packet Fragmentation

The split up (and reassembling) of IP packets into smaller packets (fragments) is called Packet fragmentation
Either done by routers along the path or already at the sender
Reason for packet fragmentation:
- The maximum packet length depends on the network technology used

The Maximum Transmission Unit (MTU) specifies the maximum payload of a frame (and thus the maximum size of an IP packet too)
- MTU of Ethernet: usually 1,500 bytes
- MTU of WLAN (IEEE 802.11): 2,312 bytes
- MTU of PPPoE (e.g., DSL): \(\leq\) 1,492 bytes
- MTU of ISDN: 576 bytes
- MTU of FDDI: 4,352 bytes

IPv4 packets contain a flag which can be used to prohibit fragmentation
- If a router needs to fragment a packet because it is too large to forward, but the fragmentation is prohibited in the packet, the router discards the packet because he cannot forward it

If a network device does not receive all fragments of an IP packet within a certain period of time (a few seconds), the network device discards all received fragments
Routers can split IP packets into smaller fragments, if the MTU makes this necessary and it is not prohibited in the packets
But only the receiver can assemble fragments, none of the routers along the path

IPv6 Networks

A “new” Internet Protocol

Limitations of IPv4

The IPv4 packet format has drawbacks
Newer hardware obsoletes some of the design choices
The address space is exhausted

A very short history of IPv6

In 1992 the IETF working group IPng proposed seven ideas for a successor
In 1995 IPv6 was specified as RFC 2460
In 2011 all major OS provide a product-ready IPv6 implementation
In 2023 \(\approx\) 40 % of all Google users use IPv6 addresses

Source: Wikipedia, Author: Michel Bakni, License: CC BY-SA 4.0

Source: Google IPv6 Stats

IPv6 Improvements

Addressing
- \(3.4 * 10^{38}\) addresses should suffice for the foreseeable future
- Simplifies address hierarchies
- More than one address per interface is common
Simplified administration
- Auto-configuration without additional protocols (like DHCP for IPv4)
- Renumbering of entire networks is much easier
Security
- The IPsec header extension enables authentication, integrity, and confidentiality

Simplified format
- Lean header with a fixed size plus optional next headers with a standardized format
- No checksum, no fragmentation
Improved Support for mobile applications
- Improved support for multicast and anycast
- Support for mobile devices

Representation of IPv6 Addresses

Rules for simplification (RFC 5952):
- Leading zeros within a block may be omitted
- Successive blocks with value 0 (= 0000), may be omitted exactly once within an IPv6 address
  - If blocks are omitted, this is indicated by two consecutive colons
  - If several groups of null blocks exist, it is recommended to shorten the group with the most null blocks
Example:
- The IPv6 address of riot-os.org is: 2a01:04f9:001a:9508:0000:0000:0000:0001 \(\Longrightarrow\) 2a01:4f9:1a:9508::1

Notation of IPv6 addresses (URLs)

IPv6 addresses are enclosed in square brackets
Port numbers are appended outside the brackets http://[2001:500:1::803f:235]:8080/
This prevents the port number from being interpreted as part of the IPv6 address

Structure of IPv6 Addresses

IPv6 addresses consist of two parts

Prefix (Network Prefix)
- Identifies the network
Interface identifier (Interface ID)
- Identifies a network device in a network
- Can be automatically computed, manually set, or assigned via DHCPv6
- If the interface identifier is computed the MAC address may be used:
  - EUI-48 MAC addresses are first converted into into a 64-bit address \(\Longrightarrow\) modified EUI-64 address format

Privacy

Using the MAC address (even in a modified) form as part of the IP address makes a host globally identifiable
In order to prevent this, the IETF has proposed privacy extensions
- RFC 4941 describes a mechanism where the interface identifier is changing over time
- RFC 7217 describes a mechanism where the interface identifier is derived from a stable secret

IPv6 Address Types

Described in RFC 4291

Unicast
- fc00::/7 (1111 110) \(\Longrightarrow\) Unique local address, may be routed only in private networks.
- fe80::/10 (1111 1110 10) \(\Longrightarrow\) Link local addresses, may not be routed.
- ::1/128 (0000..1) \(\Longrightarrow\) Loopback address
- ::/128 (0000..0)} \(\Longrightarrow\) Unspecified
- Anything else \(\Longrightarrow\) Global unicast address (GUA), e.g., 2000::/3 (2000... until 3fff...)
Multicast
- \(\Longrightarrow\) Multicast addresses.
  (No explicit broadcast addresses, but multicast groups for all nodes (ff01::1 and ff02::1) and all routers (ff01::2, ff02::2 and ff05::2).
Anycast
\(\Longrightarrow\) from Unicast address range

Structure of IPv6 Networks

IPv6 networks are specified in CIDR notation
- The address of a single device sometimes has /128 attached
- An example is the loopback address of IPv6: ::1/128
  - All bits – except the last one – have value 0
    (For IPv4, the loopback address is: 127.0.0.1)
- Internet Providers (ISPs) or operators of large networks get the first 32 or 48 bits assigned from a Regional Internet Registry (RIR)
  - The ISPs or network operators split this address space into subnets
  - End users usually get a /64 or even a /56 network assigned

Embedd IPv4 Addresses into IPv6
(IPv4 mapped)

A globally routed (unicast) IPv4 address can be represented as an IPv6 address and thus integrated into the IPv6 address space
- In literature, this approach is called IPv4 mapped
The IPv4 address gets a 96 bytes long prefix: 0:0:0:0:0:FFFF::/96

The IPv4 address may be represented in hexadecimal or decimal notation

Example

IPv4 address:	`131.246.107.35`
IPv6 address:	`0:0:0:0:0:FFFF:83F6:6B23`
Shorter notation:	`::FFFF:83F6:6B23`

Packet Structure

How to Design the Packet Format?

Which information do you expect in the packet format?

IPv4 Packet Structure

Structure of IPv4 Packets

Version
(4 bits)
- Protocol version
  - Version = 4 \(\Longrightarrow\) IPv4
  - Version = 6 \(\Longrightarrow\) IPv6

IHL = IP Header Length
(4 bits)
- Header length, represented as the number of 4 byte words
  - Example: IHL = 5 \(\Longrightarrow\) \(5 * 4\) bytes \(= 20\) bytes
- Indicates where the payload begins

Differentiated services (DiffServ)
(8 bits)
- Prioritization of IP packets is possible with this field (Quality of Service (QoS))
- The field slightly changed over the years (RFC 791, RFC 2474, RFC 3168)

Total length (16 bits)
- This field defines the entire packet size (header and payload)
- This length of the field is 16 bits and therefore the maximum possible IPv4 packet length is 65,535 bytes

The fields Identification, Flags and Fragment offset control the assembly of fragmented IP packets

Identification (16 bits)
- Contains a unique identifier of the IP packet

Flags (3 bits)
- Here the sender informs whether the packet can be fragmented and the receiver is informed whether more fragments follow
Fragment Offset (13 bits)
- Contains a number which states for fragmented packets, from which position of the unfragmented packet the fragment begins

Time To Live (8 bits)
- Specifies the maximum lifetime of an IP packet during transmission in seconds
- If the value is zero, the packet is discarded by the router
- Contains the maximum number of hops
  - Each router on the route to the destination decrements the value by one
- Prevents that undeliverable IP packets endlessly go in cycles on the network

Protocol ID (8 bits)
- Contains the number of the Transport Layer protocol used, e.g.,
  - \(1\) \(\Longrightarrow\) ICMP message
  - \(6\) \(\Longrightarrow\) TCP segments
  - \(17\) \(\Longrightarrow\) UDP segments

Each IPv4 packet contains a checksum (16 bits) of the header
- Because at each router on the way to the destination, the content of the field Time To Live changes, each router need to verify the checksum, recalculate and insert it into the header

The field source address (sender) address of the sender and destination address contains the address of the (final) receiver

The field Options can contain additional information such as a time stamp

This last field before the payload area is filled with padding bits (0 bits) if necessary, to ensure that the header size is an integer number of 32 bit words

The payload field contains the data from the Transport Layer

IPv6 Packet Structure

What is different in IPv6?

Do you expect the packet header to be longer or shorter compared to IPv4?

Structure of IPv6 Packets: Design

The size of the IPv6 header is fixed (320 bits \(\Longrightarrow\) 40 bytes)

Simplified package structure, but simple option to add additional (new) features with a chain of extension headers
No IHL, fragmentation fields, checksum, options, and padding

Structure of IPv6 Packets: Version and QoS

After the four bit version field, one byte is assigned for DiffServ and Congestion Control
The 20 bits Flow Label represent an identifier to group packets (e.g., belonging to one stream)

The 16 bits of the payload length field specify the size of the payload in bytes (octets) including any extension headers
In the special case of an extension header carries a Jumbo Payload option this field may be \(0\)

The field next header points to an extension header field or identifies the Transport Layer protocol (e.g., TCP = type 6 or UDP = type 17) which is carried in the payload of the packet

The hop limit replaces the TTL field of IPv4
Source and destination addresses keep their meaning
After the address either the data from the transport layer or an extension header follows

ICMP

What is missing?

How can we inform a sender about an error?
How can we verify connectivity?
How can we find the way a packet takes through the Internet?

The Role of ICMP

The Internet Control Message Protocol (ICMP) is used for the exchange of…
- diagnostic,
- control, and
- error messages
ICMP is a component (sub-protocol) of IP
- but it is treated as a separate protocol
ICMPv4 is used for IPv4 networks, ICMPv6 is the corresponding protocol for IPv6 networks

Use Cases for ICMP

All routers and terminal devices can handle ICMP
Typical situations where ICMP is used:
- A router discards an IP packet, because it does not know how to forward it
- Not all fragments of an IP packet arrives at the destination
- The destination of an IP packet cannot be reached, because the Time To Live (TTL) has expired
ICMP specifies different sorts of messages, which can be send by a router as response to provide diagnostic information
If an ICMP packet cannot be delivered, no further action is done

The most prominent example The ping command uses ICMP messages.

ICMP Message Structure

The field Type in the ICMP header specifies its message type

The field Code specifies the subtype of the message type

The table contains some type-code combinations of ICMP messages

Type	Name of type	Code	Description
`0`	Echo reply	`0`	Echo reply (reply for `ping`)
`3`	Destination unreachable	`0`	Destination network unreachable
		`1`	Destination host unreachable
		`2`	Destination protocol unreachable
		`3`	Destination port unreachable
		`4`	Fragmentation required, but forbidden by the IP packet’s flags
		`13`	Firewall at destination site rejects the IP packet
`5`	Redirect	`0`	Redirect Datagram for the Network (or subnet)
		`1`	Redirect Datagram for the Host
`8`	Echo Request	`0`	Echo request (`ping`)
`11`	Time Exceeded	`0`	TTL (Time To Live) expired
		`1`	Fragment reassembly time exceeded

ICMP Types and Codes

The original set of ICMP type and code values are defined in RFC 792,
but multiple have been marked as deprecated in RFC 6633 and RFC 6918.
A full list can be found at the IANA.

Example of using ICMP: `traceroute`

Another application example of ICMP is the tool traceroute
traceroute determines, which routers are used to forward packets to the destination site

- The sender transmits an IP packet to the destination with TTL=1

Router A receives the IP packet, sets TTL=0, discards the IP packet and transmits an ICMP message of message type 11 and code 0 to the sender

Next, the sender transmits an IP packet to the destination with TTL=2
The IP packet is forwarded by router A and thereby the value of TTL is decremented
Router B receives the IP packet, sets TTL=0, discards the IP packet and transmits an ICMP message of message type 11 and code 0 to the sender

Once the value of TTL is big enough that the destination site can be reached, the receiver transmits an ICMP message of message type 3 and code 3 to the sender
This way, the path from sender to receiver can be traced via ICMP

        $ traceroute -q 1 wikipedia.de
        traceroute to wikipedia.de (134.119.24.29), 30 hops max, 60 byte packets
        1  fritz.box (10.0.0.1)  1.834 ms
        2  p3e9bf6a1.dip0.t-ipconnect.de (62.155.246.161)  8.975 ms
        3  217.5.109.50 (217.5.109.50)  9.804 ms
        4  ae0.cr-polaris.fra1.bb.godaddy.com (80.157.204.146)  9.095 ms
        5  ae0.fra10-cr-antares.bb.gdinf.net (87.230.115.1)  11.711 ms
        6  ae2.cgn1-cr-nashira.bb.gdinf.net (87.230.114.4)  13.878 ms
        7  ae0.100.sr-jake.cgn1.dcnet-emea.godaddy.com (87.230.114.222)  13.551 ms
        8  wikipedia.de (134.119.24.29)  15.150 ms

Address Autoconfiguration

Avoid Manual Configuration

Why do we want avoid manual configuration?
In which cases is manual (static) configuration preferable?
How can we do automatic assignment?

Reverse Address Resolution Protocol (RARP)

Upon booting a network interface has no IP address assigned
Manual address configuration is not desirable in many scenarios
With the help of Reverse ARP, well-known hardware addresses are assigned to IP addresses, and recorded on a RARP server
Problem: RARP requests are not passed on by routers, therefore a RARP server must be set up in each local network

RARP is obsolete. Replaced by DHCP (more modern and feature-rich).

Dynamic Host Configuration Protocol (DHCP)

A host that needs an IPv4 address sends a DHCP DISCOVER packet
A DHCP server replies to this request with a DHCP OFFER which contains an IPv4 address
Additionally it may also contain the subnet mask, default router, DNS server... \(\rightarrow\) DHCP can be used for full host configuration.
The assigned addresses typically have a lease time (\(\rightarrow\) must be renewed after expiration)
In each subnet a DHCP Relay Agent is placed, who passes such a message on to the DHCP server

Link-Local Addresses

Link-local addresses are valid inside a local physical network
IPv4 uses the prefix 169.254.0.0/16, IPv6 uses the prefix fe80::/10 for link-local addresses
Are not guaranteed to be unique beyond their network segment, i.e., not globally routable
In IPv4 the host ID is initially randomized, in IPv6 it can be derived from the MAC address
A mechanism for Duplicate Address Detection (DAD) is mandatory ¹
A link-local address can serve as a temporary solution until a globally routable or private address becomes available

Stateless Auto Address Configuration (SLAAC)

SLAAC is specified for IPv6 in RFC 2462
Functioning of SLAAC
- A host generates a tentative link-local address
- DAD: The host sends a Neighbor Solicitation (NS) with the chosen IP address as destination address
- If no host responds to the NS with an Neighbor Advertisement (NA) it keeps this address
- Router solicitations (RS) or Router Advertisements (RAs) are used to find the responsible router for the network
- The RA contains the network prefix which is used to determine a routable IP address

Summary

You should now be able to answer the following questions:

Why do we need logical addresses?
How does an IPv4 address look like and which information does it contain?
What is a subnet?
Why do we need a new Internet Protocol?
What happens in NAT network?
What is the purpose of ICMP?
How can IP address be configured automatically?

Computer Networks

The Narrow Waist of the Internet

Addressing

Computer Network Addresses

Purpose and Format

Addressing in the Network Layer

Format of IP Addresses

IPv4 Networks

Network Identifier and Host Identifier

(Sub)Netmasks

Netmask Examples

Subnetting Example

Address Classes

Drawback of Address Classes

Syntax of the Classless Interdomain Routing (CIDR)

Subnets and Routing

Private Networks

Private IPv4 Address Spaces

Network Address Translation (NAT)

Network Address Translation (NAT)

Fragmentation

Packet Fragmentation

IPv6 Networks

A “new” Internet Protocol

IPv6 Improvements

Representation of IPv6 Addresses

Structure of IPv6 Addresses

Privacy

IPv6 Address Types

Structure of IPv6 Networks

Embedd IPv4 Addresses into IPv6 (IPv4 mapped)

Packet Structure

How to Design the Packet Format?

IPv4 Packet Structure

Structure of IPv4 Packets

IPv6 Packet Structure

What is different in IPv6?

Structure of IPv6 Packets: Design

Structure of IPv6 Packets: Version and QoS

ICMP

What is missing?

The Role of ICMP

Use Cases for ICMP

ICMP Message Structure

Example of using ICMP: traceroute

Address Autoconfiguration

Avoid Manual Configuration

Reverse Address Resolution Protocol (RARP)

Dynamic Host Configuration Protocol (DHCP)

Link-Local Addresses

Stateless Auto Address Configuration (SLAAC)

Summary

Embedd IPv4 Addresses into IPv6
(IPv4 mapped)

Example of using ICMP: `traceroute`