Chapter 1. Introduction to Data Communications
Networks, Security, and Privacy
158.235
A/Prof. Julian Jang-Jaccard
Massey University
Network Layer
Reading: Chapter 5 in the prescribed textbook
Network Layer
• Layer 3 in the Internet model
– Responsible for moving messages from a source computer to the intended destination computer
• Main functions:
– IP fragmentation
– Addressing
– Routing
(Figure: the Internet model, top to bottom: Application, Transport, Network, Data Link, Physical)
Network Layer Protocols
• Internet Protocol (IP)
– IP version 4 (IPv4)
• Most common version of IP used
• 32-bit addresses (2^32 or ~4.29 billion possible)
• Exhaustion of address space
IP Packet Formats
IPv4 Header: 192 bits (24 bytes)
(Figure: IPv4 header layout, rebuilt here as a table of the fields, their sizes and the slide's annotations)

Field | Size | Annotation
Version number | 4 bits | IP version used: 4
Header length | 4 bits | Length of IP header, minimum = 20 bytes or maximum = 24 bytes
Type of service | 8 bits | Differentiated Service (DS), different traffic class, related to prioritization and QoS
Total length | 16 bits | Total IP packet length: max of 2^16 = 65535 (in bytes)
IDs | 16 bits | Fragmentation management
Flags | 3 bits | Fragmentation management
Packet offset | 13 bits | Fragmentation management
Time to Live / Hop Limit | 8 bits | The number of hops the packet can be passed on before it's considered 'too long to reach destination'
Protocol | 8 bits | Protocol that the 'user data' part of the packet uses
CRC-16 | 16 bits |
Source address | 32 bits | Source IPv4 address (4 bytes)
Destination address | 32 bits | Destination IPv4 address (4 bytes)
Options | 32 bits | Options (e.g. record route, security, etc.). Affect length of IP header
User data | varies |
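As an added worked example (not from the slides), the following Python decodes the header fields in the table above from raw bytes, checks the 16-bit header checksum (implemented here as the RFC 791 one's-complement sum) and builds a constructed sample header to run against; the sample addresses and the helper names are assumptions of this example.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of the 16-bit header words (the slide labels the field CRC-16)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the header fields from the table above; checksum_ok is False if any header byte changed."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_off, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length field counts 32-bit words
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "df": bool(flags_off & 0x4000),      # flags x1x : do not fragment
        "mf": bool(flags_off & 0x2000),      # flags xx1 : more fragments
        "frag_offset": (flags_off & 0x1FFF) * 8,   # 13-bit offset, in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": pkt[20:ihl],              # empty for the minimum 20-byte header
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,  # a valid header sums to all ones
    }

def build_ipv4_header(src: str, dst: str, data_len: int, ident: int = 0xF2,
                      mf: bool = False, offset: int = 0, proto: int = 6, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte header with a correct checksum (used for the constructed sample)."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    s, d = bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, ident, flags_off, ttl, proto, 0, s, d)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

# Constructed sample (addresses made up): the second fragment of datagram id 0xf2,
# carrying 1480 data bytes at offset 1480 with "more fragments" set.
SAMPLE = build_ipv4_header("128.192.56.1", "223.1.2.9", 1480, mf=True, offset=1480)
```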
Network Layer Protocols
– IP version 6 (IPv6)
• 128-bit addresses (2^128 or ~3.4 × 10^38 possible)
• Slowly being adopted due to IPv4 exhaustion
Network Link Layer
• IP fragmentation
• Addressing
• Routing
IP Fragmentation
• Network links have an MTU (max. transfer size) – the largest possible link-level frame; different link types, different MTUs
• A large IP datagram is divided ("fragmented") within the network: one datagram becomes several datagrams, "reassembled" only at the final destination
• IP header bits are used to identify and order related fragments
(Figure: fragmentation – in: one large datagram; out: 3 smaller datagrams; reassembly at the destination)
IP Fragmentation
• Fragmentation management fields:
– identification (16 bits): unique identification for all
packets related to the same upper-layer datagram
– flags (3 bits): fragment-ability management
• 0xx : not used (reserved)
• x0x : fragment
• x1x : do not fragment
• xx0 : the last fragment
• xx1 : more fragments
– offset (13 bits): starting sequence number for the packet
(measured in the unit of 8 byte blocks)
• To keep track of order of packets
(Figure: a 4000-byte segment fragmented into three IP packets, rebuilt here as a table)
Example: 4000 byte segment, MTU = 1500 bytes
IP overhead (20 byte) + data (1480 byte) = 1500
offset (measured in 8-byte units) = 1480/8 = 185

Packet | ID | offset | fragflag | length | data
original datagram | f2 | | | | 4000
fragment 1 | f2 | 0 | x01 | 1500 | 1480
fragment 2 | f2 | 185 | x01 | 1500 | 1480
fragment 3 | f2 | 370 | x00 | 1060 | 1040
One large segment becomes several smaller packets.
IP Fragmentation
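As an added example (not from the slides), this Python reproduces the 4000-byte / MTU 1500 case above in general form: it computes the fragment offsets, lengths and "more fragments" flags for any payload and MTU, and the reassembly side refuses to complete a datagram when a fragment is missing, overlapping, or the last one still has "more fragments" set. Function names and the tuple layout are this example's own.

```python
def fragment(data_len: int, mtu: int, ident: int, header_len: int = 20):
    """Split a datagram's payload into fragments that fit the link MTU.

    Returns (id, offset in 8-byte units, more_fragments flag, packet length, data length)
    per fragment. Every fragment but the last carries a multiple of 8 data bytes, because
    the 13-bit offset field counts 8-byte blocks.
    """
    if mtu - header_len < 8:
        raise ValueError("MTU leaves no room for data")
    max_data = (mtu - header_len) // 8 * 8        # 1480 for MTU 1500 and a 20-byte header
    frags, pos = [], 0
    while pos < data_len:
        n = min(max_data, data_len - pos)
        more = pos + n < data_len                 # flag xx1 on all but the last fragment
        frags.append((ident, pos // 8, more, header_len + n, n))
        pos += n
    return frags

def reassemble(frags):
    """Return the reassembled payload length, or None while the datagram is incomplete.

    Fragments may arrive in any order; a hole, an overlap, or a highest-offset fragment
    that still has "more fragments" set means the datagram cannot be completed yet.
    """
    if not frags:
        return None
    if len({f[0] for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f[1])   # order by the 13-bit offset field
    expected = 0
    for _ident, off, _more, _pkt_len, n in ordered:
        if off * 8 != expected:                   # hole or overlap in the data
            return None
        expected += n
    if ordered[-1][2]:                            # the last fragment still expects more
        return None
    return expected

# The slide's example: a 4000-byte segment over a link with MTU = 1500 bytes, id f2.
FRAGS = fragment(4000, 1500, 0xF2)
```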
Network Link Layer
• IP fragmentation
• Addressing
• Routing
IP Addressing
• 4 byte (32 bit) addresses
– Strings of 32 binary bits
• Dotted decimal notation
– Used to make IP addresses easier to understand for human readers
– Breaks the address into four bytes and writes the decimal equivalent for each byte
• Example: 128.192.56.1
10000000 11000000 00111000 00000001
IP Addressing
• A portion of an IP address represents the network and the rest identifies the host
• Classful addressing
– Uses the first bits to determine the number of hosts
– Discontinued (but the nomenclature is still used)
• Classless Inter-Domain Routing (CIDR)
– No fixed subnet and host parts
– Flexible way to decide the split
Classful Addressing
(Figure: classful address formats, rebuilt here as a table)

Class | Leading bits | Net ID | Host ID | First octet | Networks and hosts
A | 0 | 7 bits | 24 bits | 0 - 127 | 2^7: 128 networks; 2^24: over 16 million hosts per network; 2^31: over 2 billion addresses in total
B | 1 0 | 14 bits | 16 bits | 128 - 191 | 2^14: over 16K networks; 2^16: over 65K hosts per network; 2^30: over 1 billion addresses in total
C | 1 1 0 | 21 bits | 8 bits | 192 - 223 | 2^21: over 2 million networks; 2^8: 255 hosts per network; 2^29: 536 million addresses
D | 1 1 1 0 | Multicast address | | | 2^28 = 268 million addresses
E | 1 1 1 1 | Reserved | | | 2^28 = 268 million addresses
Classless Inter-Domain Routing
• Subnet portion of the address is of arbitrary length
• Address format: a.b.c.d/x, where x is the number of bits in the subnet portion of the address
• Example: 200.23.16.0/23
11001000 00010111 00010000 00000000
subnet part: the first 23 bits; host part: the remaining 9 bits
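As an added example covering both the classful and the CIDR slides (not from the slides themselves), this Python converts dotted decimal to the 32-bit form shown for 128.192.56.1, reads the class off the leading bits, and tests CIDR membership for prefixes such as 200.23.16.0/23 by masking; it goes slightly beyond the slides by also rejecting malformed addresses and prefix lengths. Function names are this example's own.

```python
def to_int(dotted: str) -> int:
    """'128.192.56.1' -> 32-bit integer; rejects anything that is not four bytes."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("bad IPv4 address: " + dotted)
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def to_binary(dotted: str) -> str:
    """Render the address as four 8-bit groups, as on the 128.192.56.1 slide."""
    return " ".join(format(b, "08b") for b in to_int(dotted).to_bytes(4, "big"))

def classful(dotted: str) -> str:
    """Classful class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = to_int(dotted) >> 24              # first octet
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"                            # multicast
    return "E"                                # reserved

def parse_cidr(cidr: str):
    """'200.23.16.0/23' -> (network as int, prefix length x); x must be 0..32."""
    addr, _, bits = cidr.partition("/")
    x = int(bits)
    if not 0 <= x <= 32:
        raise ValueError("bad prefix length in " + cidr)
    mask = (0xFFFFFFFF << (32 - x)) & 0xFFFFFFFF
    return to_int(addr) & mask, x

def in_subnet(dotted: str, cidr: str) -> bool:
    """True when the address's first x bits equal the subnet part of the prefix."""
    net, x = parse_cidr(cidr)
    mask = (0xFFFFFFFF << (32 - x)) & 0xFFFFFFFF
    return to_int(dotted) & mask == net

def host_part_size(cidr: str) -> int:
    """Number of addresses the host part can express: 2^(32 - x)."""
    return 1 << (32 - parse_cidr(cidr)[1])
```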
Subnets
• Group of computers on the same LAN with IP addresses sharing the same prefix
• Can physically reach each other without an intervening router
(Figure: three subnets joined by a router – 223.1.1.0/24 with 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.0/24 with 223.1.2.1, 223.1.2.2, 223.1.2.9; 223.1.3.0/24 with 223.1.3.1, 223.1.3.2, 223.1.3.27)
IP Assignment
Q: How does a host get an IP address?
• Hard-coded by the system admin in a file
– Windows: control-panel -> network -> configuration -> tcp/ip -> properties
– UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol
– Plug and play
DHCP
Goal: allow a host to dynamically obtain its IP address from a network server when it joins the network
– can renew its lease on the address in use
– allows reuse of addresses (only hold an address while connected/"on")
– support for mobile users who want to join the network
How it works:
– host broadcasts "DHCP discover" msg
– DHCP server responds with "DHCP offer" msg
– host requests IP address: "DHCP request" msg
– DHCP server sends address: "DHCP ack" msg
(Figure: the three subnets 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24 from the Subnets slide, with a DHCP server on 223.1.2.0/24 and an arriving DHCP client that needs an address in this network)
DHCP Scenario
(Figure: message exchange between the DHCP server 223.1.2.5 and the arriving client, rebuilt here as a table; every message is sent to the broadcast address)

Message | src (address, port) | dest (address, port) | yiaddr | transaction ID | lifetime
DHCP discover | 0.0.0.0, 68 | 255.255.255.255, 67 | 0.0.0.0 | 654 |
DHCP offer | 223.1.2.5, 67 | 255.255.255.255, 68 | 223.1.2.4 | 654 | 3600 secs
DHCP request | 0.0.0.0, 68 | 255.255.255.255, 67 | 223.1.2.4 | 655 | 3600 secs
DHCP ACK | 223.1.2.5, 67 | 255.255.255.255, 68 | 223.1.2.4 | 655 | 3600 secs
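As an added example (not from the slides), this Python models the four-message scenario above as a toy server at 223.1.2.5 and a client: the client only acts on an offer or ACK whose transaction ID matches the one it sent, and the server hands out an address only while it is leased, so the pool-exhausted case returns no offer. The address pool, MAC addresses and class names are assumptions of this example.

```python
BROADCAST, CLIENT_PORT, SERVER_PORT = "255.255.255.255", 68, 67

class DhcpServer:
    """Constructed toy server: the slide's 223.1.2.5 with a two-address pool (pool is assumed)."""
    def __init__(self, addr="223.1.2.5", pool=("223.1.2.4", "223.1.2.6"), lifetime=3600):
        self.addr, self.free, self.leases, self.lifetime = addr, list(pool), {}, lifetime

    def _reply(self, kind, xid, yiaddr):          # offers and acks are broadcast back to port 68
        return {"type": kind, "src": (self.addr, SERVER_PORT), "dst": (BROADCAST, CLIENT_PORT),
                "yiaddr": yiaddr, "xid": xid, "lifetime": self.lifetime}

    def handle(self, msg):
        if msg["type"] == "discover":
            return self._reply("offer", msg["xid"], self.free[0]) if self.free else None
        if msg["type"] == "request" and msg["yiaddr"] in self.free:
            ip = msg["yiaddr"]
            self.free.remove(ip)                  # the address is held only while leased
            self.leases[msg["mac"]] = (ip, self.lifetime)
            return self._reply("ack", msg["xid"], ip)
        return None                               # request for an address we did not offer

class DhcpClient:
    def __init__(self, mac, xid=654):
        self.mac, self.xid, self.ip = mac, xid, None

    def _send(self, kind, yiaddr):                # no address yet: src 0.0.0.0, broadcast to port 67
        return {"type": kind, "src": ("0.0.0.0", CLIENT_PORT), "dst": (BROADCAST, SERVER_PORT),
                "yiaddr": yiaddr, "xid": self.xid, "mac": self.mac}

    def discover(self):
        return self._send("discover", "0.0.0.0")

    def request(self, offer):
        if not offer or offer["type"] != "offer" or offer["xid"] != self.xid:
            return None                           # ignore offers that do not match our transaction ID
        self.xid += 1                             # slide's scenario: discover/offer 654, request/ack 655
        return self._send("request", offer["yiaddr"])

    def accept(self, ack):
        if ack and ack["type"] == "ack" and ack["xid"] == self.xid:
            self.ip = ack["yiaddr"]
        return self.ip

def run_exchange(client, server):
    """Discover -> offer -> request -> ack on one LAN; returns the client's address or None."""
    offer = server.handle(client.discover())
    req = client.request(offer)
    ack = server.handle(req) if req else None
    return client.accept(ack)
```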
Address Resolution
• Addresses exist at different layers
• Addresses may be translated (resolved) from one layer to another

Address Type | Example | Example Address
Application layer | Web address (URL) | www.indiana.edu
Network layer | IP address | 129.79.78.193 (4 bytes)
Data link layer | MAC address | 1C-6F-65-F8-33-8A (6 bytes)
Address Resolution
• Server Name Resolution
– Translating the destination host's domain name to its corresponding IP address
– www.yahoo.com is resolved to 204.71.200.74
– Uses one or more Domain Name Service (DNS) servers to resolve the address
• Data Link Layer Address Resolution
– Identifying the MAC address of the next node (to which the packet must be forwarded)
– Uses Address Resolution Protocol (ARP)
DNS: domain name system
Domain Name System:
• hostname to IP address translation
• distributed database implemented in a hierarchy of many name servers
• application-layer protocol: hosts and name servers communicate to resolve names (address/name translation)
Why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance
It doesn't scale!
(Figure: the DNS hierarchy – Root DNS servers; below them com DNS servers, org DNS servers and edu DNS servers; below those yahoo.com, amazon.com, pbs.org, poly.edu and umass.edu DNS servers)
Client wants IP for www.amazon.com; 1st approximation:
– client queries root server to find com DNS server
– client queries .com DNS server to get amazon.com DNS server
– client queries amazon.com DNS server to get IP address for www.amazon.com
DNS: root name servers
• contacted by local name server that cannot resolve name
• root name server:
– contacts authoritative name server if name mapping not known
– gets mapping
– returns mapping to local name server
• 13 root name "servers" worldwide (figure: map of root server locations):
– a. Verisign, Los Angeles CA (5 other sites)
– b. USC-ISI Marina del Rey, CA
– c. Cogent, Herndon, VA (5 other sites)
– d. U Maryland College Park, MD
– e. NASA Mt View, CA
– f. Internet Software C., Palo Alto, CA (and 48 other sites)
– g. US DoD Columbus, OH (5 other sites)
– h. ARL Aberdeen, MD
– i. Netnod, Stockholm (37 other sites)
– j. Verisign, Dulles VA (69 other sites)
– k. RIPE London (17 other sites)
– l. ICANN Los Angeles, CA (41 other sites)
– m. WIDE Tokyo (5 other sites)
TLD, authoritative servers
top-level domain (TLD) servers:
• responsible for com, org, net, edu, aero, jobs,
museums, and all top-level country domains, e.g.: uk,
fr, ca, jp
• Network Solutions maintains servers for .com TLD
• Education for .edu TLD
authoritative DNS servers:
• organization’s own DNS server(s), providing
authoritative hostname to IP mappings for
organization’s named hosts
• can be maintained by organization or service
provider
Local DNS name server
• does not strictly belong to hierarchy
• each ISP (residential ISP, company, university) has one
– also called "default name server"
• when host makes DNS query, query is sent to its local DNS server
– has local cache of recent name-to-address translation pairs (but may be out of date!)
– acts as proxy, forwards query into hierarchy
DNS example
• host at cis.poly.edu wants IP address for gaia.cs.umass.edu
(Figure: iterated query – requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server and authoritative DNS server dns.cs.umass.edu, with eight numbered messages between them)
Iterated query: contacted server replies with name of server to contact – "I don't know this name, but ask this server"
(Figure: recursive query – the same requesting host, local, root, TLD and authoritative DNS servers, with eight numbered messages between them)
Recursive query: puts burden of name resolution on contacted name server. Heavy load at upper levels of hierarchy?
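As an added example (not from the slides), this Python simulates the iterated query above: a local name server with a cache starts at the root and follows "ask this server" referrals down to the authoritative server, and it caps the number of referrals so a misconfigured referral loop cannot keep it busy forever. The zone data and the IP address for gaia.cs.umass.edu are constructed for this example, as are the class and function names.

```python
# Constructed zone data: each server answers with an address ("A") or a referral
# ("NS": the name of the next server to ask). The address is made up for this example.
SERVERS = {
    "root":             {"edu": ("NS", "tld.edu")},
    "tld.edu":          {"umass.edu": ("NS", "dns.cs.umass.edu")},
    "dns.cs.umass.edu": {"gaia.cs.umass.edu": ("A", "128.119.245.12")},
}

def ask(server: str, name: str):
    """One query to one server: ("A", ip), ("NS", next_server), or None if it knows nothing."""
    zone = SERVERS[server]
    labels = name.split(".")
    for i in range(len(labels)):             # longest suffix first: gaia.cs.umass.edu, cs.umass.edu, ...
        key = ".".join(labels[i:])
        if key in zone:
            return zone[key]
    return None

class LocalDns:
    """The local (default) name server: caches answers and walks the hierarchy iteratively."""
    def __init__(self, max_referrals: int = 8):
        self.cache, self.max_referrals = {}, max_referrals

    def resolve(self, name: str):
        """Return (ip_or_None, list of servers contacted); a cache hit contacts nobody."""
        if name in self.cache:
            return self.cache[name], []
        server, trail = "root", []
        for _ in range(self.max_referrals):  # bounded walk: a referral loop ends with None
            trail.append(server)
            answer = ask(server, name)
            if answer is None:
                return None, trail           # nobody in the chain knows this name
            kind, value = answer
            if kind == "A":
                self.cache[name] = value     # remember it for the next host that asks
                return value, trail
            server = value                   # "I don't know this name, but ask this server"
        return None, trail
```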
ARP name resolution
• Identifying the MAC address by IP address
• Operation
– Broadcast an ARP message to all nodes on a LAN asking which node has a certain IP address
– The host with that IP address then responds by sending back its MAC address
– Store this MAC address in the address table
– Send the message to the destination node
MAC addresses and ARP
• 32-bit IP address:
– network-layer address for interface
– used for layer 3 (network layer) forwarding
• MAC (or LAN or physical or Ethernet) address:
– function: used "locally" to get frame from one interface to another physically-connected interface (same network, in IP-addressing sense)
– 48 bit MAC address (for most LANs) burned in NIC ROM, also sometimes software settable
– e.g.: 1A-2F-BB-76-09-AD – hexadecimal (base 16) notation (each "number" represents 4 bits)
LAN addresses (more)
• MAC address allocation administered by
IEEE
• manufacturer buys portion of MAC
address space (to assure uniqueness)
• analogy:
– MAC address: like Social Security Number
– IP address: like postal address
• MAC flat address ➜ portability
– can move LAN card from one LAN to another
• IP hierarchical address not portable
– address depends on IP subnet to which node
is attached
ARP
Question: how to determine a MAC address knowing its IP address?
• A broadcasts ARP query packet, containing B's IP address
– dest MAC address = FF-FF-FF-FF-FF-FF
– all nodes on LAN receive ARP query (broadcast)
• B receives ARP packet, replies to A with its (B's) MAC address
– frame sent to A's MAC address (unicast)
(Figure: hosts A and B on one LAN – A: IP 137.196.7.23, MAC 71-65-F7-2B-08-53; B: IP 137.196.7.14, MAC 58-23-D7-FA-20-B0)

Field | ARP query | ARP reply
Src IP address | 137.196.7.23 | 137.196.7.14
Dest IP address | 137.196.7.14 | 137.196.7.23
Src MAC address | 71-65-F7-2B-08-53 | 58-23-D7-FA-20-B0
Dest MAC address | FF-FF-FF-FF-FF-FF | 71-65-F7-2B-08-53
Network Link Layer
• IP fragmentation
• Addressing
• Routing
Routing
• Process of determining the route (or path) a
message will travel from the sending computer to
the receiving computer
• Routers
– Special purpose devices used to handle routing decisions on
the Internet
– Maintain their own routing tables
• Routing Tables
– Shows which path to send packets on to reach a given
destination
– Kept by computers making routing decisions
Routing
• Unicast – one computer to another computer
• Broadcast – one computer to all computers in
the network
• Multicast – one computer to a group of
computers (e.g., videoconference)
– Same data needs to reach multiple receivers and avoid
transmitting it once for each receiver
• Particularly useful if access link has bandwidth
limitations
• Many implementations at different layers
• In IP multicast, hosts dynamically join and leave
multicast groups using Internet Group Management
Protocol (IGMP)
Routing
Types of Routing
• Centralized routing
– Decisions made by one central computer
– Used on small, mainframe-based networks
– Not common anymore
• Decentralized routing
– Decisions made by each node independently of
one another
– Information needs to be exchanged to prepare
routing tables
– Used by the Internet
Static vs. Dynamic
• Static routing:
– Fixed routing tables
– Manually configured by network administrator
– Used on relatively simple networks with few
routing options that rarely change
• Dynamic routing
– Routing tables updated periodically
– Routers exchange information using protocols to
update tables
Dynamic Routing Algorithms
• Distance Vector
– Uses the least number of hops to decide how to route a packet
• Link State
– Uses a variety of information types to decide how to route a packet (more sophisticated)
• e.g., number of hops, congestion, speed of circuit
– Provides more reliable, up to date paths to destinations
(Figure: example network with nodes A, B, C, D, E, F, G; from A to G the route is A-B-C-G)
Routing Protocols
• Used to exchange info among nodes for building
and maintaining routing tables
• Types of Routing Protocols
– Interior routing protocols (RIP, OSPF, EIGRP, ICMP)
• Operate within a network
• Provide detailed info about each node and paths
– Exterior routing protocols (BGP)
• Operate between networks (autonomous systems)
Routing Information Protocol (RIP)
• Dynamic distance vector protocol used for
interior routing
• Operations:
– Commonly used in smaller networks
– Network managers use RIP to build a routing table
– When a new node added, RIP counts number of hops
between computers and updates routing tables
– Routing table status is broadcast periodically (every minute or so) by all nodes
Open Shortest Path First (OSPF)
• A dynamic hybrid (distance vector + link
state) interior routing protocol
– More reliable paths: Incorporates traffic and error
rate measures
– Most widely used interior routing protocol on large
enterprise networks, preferred by TCP/IP
– Less burdensome to the network
• Only the updates sent (not entire routing tables)
and only to other routers (no broadcasting)
Other Interior Routing Protocols
• Enhanced Interior Gateway Routing Protocol
(EIGRP)
– A dynamic hybrid interior protocol (developed by Cisco)
– Records transmission capacity, delay time, reliability and
load for all paths
– Keeps the routing tables for its neighbors and uses this
information in its routing decisions as well
• Internet Control Message Protocol (ICMP)
– Simplest and most basic: checks the reachability of certain nodes and paths (e.g., Ping)
– An error reporting protocol (report routing errors to message
senders)
Exterior Routing Protocols
• Border Gateway Protocol (BGP)
– Used to exchange routing info between
autonomous systems
– Based on a dynamic distance vector algorithm
– Far more complex than interior routing protocols
– Provide routing info only on selected routes (e.g.,
preferred or best route)
• Too many routes; can’t maintain tables of every
single route
(Figure: Internet routing using BGP, OSPF and RIP)
END