TCP/IP Internetwork Layer

In the TCP/IP model, the two important reasons for the existence of the internetwork layer are routing and providing a single network interface to the upper layer. No other upper or lower layer protocols have this function. The following are the protocols at the internetwork layer:
  1. Internet Protocol (IP)
  2. Internet Control Message Protocol (ICMP)
  3. Address Resolution Protocol (ARP)
  4. Reverse Address Resolution Protocol (RARP)
The internetwork layer provides routing of data packets to the upper layer. During the communication process, the data is packed, addressed and routed to the desired network destination. The Internet Protocol (IP) is the primary protocol used in the TCP/IP internetwork layer.

IP helps to deliver the data packets across the network. All protocols in the layers above and below IP use the Internet Protocol to deliver data. All the machines in the network have a logical address known as an IP address. The IP address contains valuable encoded information which simplifies the complex task of routing. IP receives segments from the Host-to-Host layer and divides them into datagrams or packets if necessary. IP then reassembles these datagrams back into segments on the receiving end. Each datagram is assigned the IP address of the sending and receiving device. Each router that receives the datagram makes a routing decision based on the destination IP address on each packet.

IP Header :
  • IPv4 Header
  • IPv6 Header
IPv4 Header Format :

The IPv4 packet header consists of 14 fields, of which 13 are required. The 14th field is optional and aptly named: options. The fields in the header are packed with the most significant byte first (big endian), and for the diagram and discussion, the most significant bits are considered to come first (MSB 0 bit numbering). The most significant bit is numbered 0, so the version field is actually found in the four most significant bits of the first byte, for example.

bit offset | 0–3 | 4–7 | 8–13 | 14–15 | 16–18 | 19–31
0 | Version | Header Length | Differentiated Services Code Point | Explicit Congestion Notification | Total Length (bits 16–31)
32 | Identification (bits 0–15) | Flags (bits 16–18) | Fragment Offset (bits 19–31)
64 | Time to Live (bits 0–7) | Protocol (bits 8–15) | Header Checksum (bits 16–31)
96 | Source IP Address (bits 0–31)
128 | Destination IP Address (bits 0–31)
160 | Options (if Header Length > 5)
160 or 192+ | Data

Version
The first header field in an IP packet is the four-bit version field. For IPv4, this has a value of 4 (hence the name IPv4).

Internet Header Length (IHL) 
The second field (4 bits) is the Internet Header Length (IHL) telling the number of 32-bit words in the header. Since an IPv4 header may contain a variable number of options, this field specifies the size of the header (this also coincides with the offset to the data). The minimum value for this field is 5 (RFC 791), which is a length of 5×32 = 160 bits = 20 bytes. Being a 4-bit value, the maximum length is 15 words (15×32 bits) or 480 bits = 60 bytes.

Differentiated Services Code Point (DSCP)
Originally defined as the Type of Service field, this field is now defined by RFC 2474 for Differentiated services (DiffServ). New technologies are emerging that require real-time data streaming and therefore will make use of the DSCP field. An example is Voice over IP (VoIP) that is used for interactive data voice exchange.

Explicit Congestion Notification (ECN) 
Defined in RFC 3168, ECN allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that is only used when both endpoints support it and are willing to use it. It is only effective when supported by the underlying network.

Total Length 
This 16-bit field defines the entire datagram size, including header and data, in bytes. The minimum-length datagram is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535 bytes — the maximum value of a 16-bit word. The minimum size datagram that any host is required to be able to handle is 576 bytes, but most modern hosts handle much larger packets. Sometimes subnetworks impose further restrictions on the size, in which case datagrams must be fragmented. Fragmentation is handled in either the host or packet switch in IPv4.

Identification 
This field is an identification field and is primarily used for uniquely identifying fragments of an original IP datagram. Some experimental work has suggested using the ID field for other purposes, such as for adding packet-tracing information to datagrams in order to help trace back datagrams with spoofed source addresses.

Flags 
A three-bit field follows and is used to control or identify fragments. They are (in order, from high order to low order):
  • bit 0: Reserved; must be zero.
  • bit 1: Don't Fragment (DF)
  • bit 2: More Fragments (MF)
If the DF flag is set and fragmentation is required to route the packet then the packet will be dropped. This can be used when sending packets to a host that does not have sufficient resources to handle fragmentation.
When a packet is fragmented all fragments have the MF flag set except the last fragment, which does not have the MF flag set. The MF flag is also not set on packets that are not fragmented — an unfragmented packet is its own last fragment.

Fragment Offset 
The fragment offset field, measured in units of eight-byte blocks, is 13 bits long and specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram. The first fragment has an offset of zero. This allows a maximum offset of (2^13 – 1) × 8 = 65,528 bytes which would exceed the maximum IP packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548 bytes).
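The flag and offset rules above translate directly into receiver-side checks. The following is an added example, not code from the original page: it rejects a fragment whose offset and length would push the reassembled datagram past 65,535 bytes, enforces the eight-byte unit on non-final fragments, and rebuilds a payload only when the pieces are contiguous. The Fragment class and the sample payloads are constructed for illustration, and each fragment's own header length stands in for the reassembled datagram's header.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # largest value of the 16-bit Total Length field


@dataclass
class Fragment:              # hypothetical container, not a library type
    offset_units: int        # 13-bit Fragment Offset field, in 8-byte blocks
    more_fragments: bool     # MF flag
    payload: bytes           # bytes carried after the IP header
    header_len: int = 20     # assumed: header without options


def check_fragment(frag: Fragment) -> list:
    """Return the reasons one fragment must be rejected (empty list if sane)."""
    problems = []
    if not 0 <= frag.offset_units <= 0x1FFF:
        problems.append("offset does not fit in 13 bits")
    end = frag.offset_units * 8 + len(frag.payload)
    if frag.header_len + end > MAX_DATAGRAM:
        problems.append(f"reassembled datagram would be {frag.header_len + end} bytes")
    if frag.more_fragments and len(frag.payload) % 8:
        problems.append("non-final fragment payload is not a multiple of 8")
    return problems


def reassemble(fragments: list) -> bytes:
    """Rebuild the payload; raise on invalid, overlapping or missing pieces."""
    buf = bytearray()
    saw_last = False
    for frag in sorted(fragments, key=lambda f: f.offset_units):
        problems = check_fragment(frag)
        if problems:
            raise ValueError("; ".join(problems))
        start = frag.offset_units * 8
        if start != len(buf):
            raise ValueError(f"hole or overlap at byte {start}")
        if saw_last:
            raise ValueError("data after the final fragment")
        buf += frag.payload
        saw_last = not frag.more_fragments  # only the last fragment has MF clear
    if not saw_last:
        raise ValueError("final fragment (MF=0) missing")
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample: a 4000-byte payload split for a 1500-byte MTU.
    parts = [Fragment(0, True, b"A" * 1480),
             Fragment(185, True, b"B" * 1480),
             Fragment(370, False, b"C" * 1040)]
    print(len(reassemble(parts)), "bytes reassembled")
    print(check_fragment(Fragment(0x1FFF, False, b"")))
```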

Time To Live (TTL) 
An eight-bit time to live field helps prevent datagrams from persisting (e.g. going in circles) on an internet. This field limits a datagram's lifetime. It is specified in seconds, but time intervals less than 1 second are rounded up to 1. In latencies typical in practice, it has come to be a hop count field. Each router that a datagram crosses decrements the TTL field by one. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded. Typically, an ICMP message (specifically the time exceeded) is sent back to the sender that it has been discarded. The reception of these ICMP messages is at the heart of how traceroute works.

Protocol 
This field defines the protocol used in the data portion of the IP datagram. The Internet Assigned Numbers Authority maintains a list of IP protocol numbers which was originally defined in RFC 790.

Header Checksum 
The 16-bit checksum field is used for error-checking of the header. At each hop, the checksum of the header must be compared to the value of this field. If a header checksum is found to be mismatched, then the packet is discarded. Note that errors in the data field are up to the encapsulated protocol to handle — indeed, both UDP and TCP have checksum fields.
Since the TTL field is decremented on each hop and fragmentation is possible at each hop then at each hop the checksum will have to be recomputed. The method used to compute the checksum is defined within RFC 1071:
The checksum field is the 16-bit one's complement of the one's complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero.
In other words, all 16-bit words are summed together using one's complement (with the checksum field set to zero). The sum is then one's complemented and this final value is inserted as the checksum field.
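For example, take the 20-byte IP header 45000030442240008006442e8c7c19acae241e2b (hex). With the checksum field set to zero, the 16-bit words sum to:
4500 + 0030 + 4422 + 4000 + 8006 + 0000 + 8c7c + 19ac + ae24 + 1e2b = 2BBCF
Folding the carry back in gives 2 + BBCF = BBD1 = 1011101111010001; the one's complement of that sum is 0100010000101110 = 442E, which is the value in the checksum field.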
To validate a header's checksum the same algorithm may be used - the checksum of the header with the checksum field filled in should be a word containing all zeros (value 0).

Source address 
An IPv4 address is a group of four octets for a total of 32 bits. The value for this field is determined by taking the binary value of each octet and concatenating them together to make a single 32-bit value.
For example, the address 10.9.8.7 would be 00001010000010010000100000000111.
This address is the address of the sender of the packet. Note that this address may not be the "true" sender of the packet due to network address translation. Instead, the source address will be translated by the NATing machine to its own address. Thus, reply packets sent by the receiver are routed to the NATing machine, which translates the destination address to the original sender's address.

Destination address
Identical to the source address field but indicates the receiver of the packet.

Options 
Additional header fields may follow the destination address field, but these are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words). The list of options may be terminated with an EOL (End of Options List, 0x00) option; this is only necessary if the end of the options would not otherwise coincide with the end of the header. The possible options that can be put in the header are as follows:

Field | Size (bits) | Description
Copied | 1 | Set to 1 if the options need to be copied into all fragments of a fragmented packet.
Option Class | 2 | A general options category. 0 is for "control" options, and 2 is for "debugging and measurement". 1 and 3 are reserved.
Option Number | 5 | Specifies an option.
Option Length | 8 | Indicates the size of the entire option (including this field). This field may not exist for simple options.
Option Data | Variable | Option-specific data. This field may not exist for simple options.

  • Note: If the Header Length is greater than 5, i.e. it is between 6-15, it means that the Options field is present and must be considered.
  • Note: the Copied, Option Class, and Option Number are sometimes referred to as a single eight-bit field - the Option Type.

The use of the LSRR and SSRR options (Loose and Strict Source and Record Route) is discouraged because they create security concerns; many routers block packets containing these options.
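A filter that blocks source-routed packets has to walk the options area (the header bytes from offset 20 up to IHL × 4) and recognise the LSRR and SSRR option types. The following is an added example, not code from the original page: it splits each Option Type into Copied, Option Class and Option Number as in the table above, and treats bad length bytes as an error. The type values 0x83 (LSRR) and 0x89 (SSRR) come from RFC 791, and both sample byte strings are constructed.

```python
EOL, NOP = 0x00, 0x01  # the two single-byte ("simple") options
SOURCE_ROUTE = {0x83: "LSRR", 0x89: "SSRR"}  # option type values from RFC 791

# Constructed samples, each 8 bytes (IHL = 7):
#   NOP, then LSRR with length 7, pointer 4 and one address (10.0.0.1)
WITH_LSRR = bytes.fromhex("018307040a000001")
#   Record Route (type 7) with length 7, pointer 4, one empty slot, then EOL
RECORD_ROUTE_ONLY = bytes.fromhex("0707040000000000")


def walk_options(options: bytes) -> list:
    """Return (type, copied, option_class, option_number, data) per option."""
    out, i = [], 0
    while i < len(options):
        opt_type = options[i]
        fields = (opt_type >> 7, (opt_type >> 5) & 0x03, opt_type & 0x1F)
        if opt_type == EOL:          # End of Options List: stop here
            out.append((opt_type, *fields, b""))
            break
        if opt_type == NOP:          # padding byte with no length field
            out.append((opt_type, *fields, b""))
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option length byte missing")
        length = options[i + 1]      # covers type, length and data
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad length {length} for option {opt_type:#04x}")
        out.append((opt_type, *fields, options[i + 2:i + length]))
        i += length
    return out


def source_route_options(options: bytes) -> list:
    """Names of the source-route options present, in order of appearance."""
    return [SOURCE_ROUTE[t] for t, *_ in walk_options(options) if t in SOURCE_ROUTE]


if __name__ == "__main__":
    for sample in (WITH_LSRR, RECORD_ROUTE_ONLY):
        print(sample.hex(), "->", source_route_options(sample) or "no source routing")
```

Rejecting a length below 2 matters for more than correctness: a zero length byte would otherwise keep the loop on the same option forever.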

Data

The data field is not a part of the header and, consequently, is not included in the checksum field. The format of the data field is specified in the protocol header field and can be any one of the transport layer protocols.

Some of the common protocols are listed below including their value used in the protocol field:

Protocol Number | Protocol Name | Abbreviation
1 | Internet Control Message Protocol | ICMP
2 | Internet Group Management Protocol | IGMP
6 | Transmission Control Protocol | TCP
17 | User Datagram Protocol | UDP
41 | IPv6 encapsulation | -
89 | Open Shortest Path First | OSPF
132 | Stream Control Transmission Protocol | SCTP

IPv6 Header Format :

An IPv6 packet is the smallest message entity exchanged via the Internet Protocol across an Internet Protocol version 6 (IPv6) network.

Packets consist of control information for addressing and routing, and a payload consisting of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level Transport Layer protocol, but may be data for an Internet Layer (e.g., ICMPv6) or Link Layer (e.g., OSPF) instead.

IPv6 packets are typically transmitted over a Link Layer protocol, such as Ethernet which encapsulates each packet in a frame, but this may also be a higher layer tunneling protocol, such as IPv4 when using 6to4 or Teredo transition technologies.

Routers do not fragment IPv6 packets, as they do for IPv4. Hosts are "strongly recommended" to implement path MTU discovery to take advantage of MTUs greater than the smallest MTU of 1280 octets. Hosts may use fragmentation to send packets larger than the observed path MTU.

Fixed header

The fixed header of an IPv6 packet consists of its first 40 octets (320 bits). It has the following format:

Offset (octet) | Offset (bit) | Fields
0 | 0 | Version (bits 0–3), Traffic Class (bits 4–11), Flow Label (bits 12–31)
4 | 32 | Payload Length (bits 0–15), Next Header (bits 16–23), Hop Limit (bits 24–31)
8–20 | 64–160 | Source Address
24–36 | 192–288 | Destination Address

Version (4 bits) 
The constant 6 (bit sequence 0110).
Traffic Class (8 bits) 
The bits of this field hold two values. The 6 most-significant bits are used for DSCP, which is used to classify packets. The remaining two bits are used for ECN; priority values subdivide into ranges: traffic where the source provides congestion control and non-congestion control traffic.
Flow Label (20 bits) 
Originally created for giving real-time applications special service. Flow Label specifications and minimum requirements are described, and first uses of this field are emerging.
Payload Length (16 bits) 
The size of the payload in octets, including any extension headers. The length is set to zero when a Hop-by-Hop extension header carries a Jumbo Payload option.
Next Header (8 bits) 
Specifies the type of the next header. This field usually specifies the transport layer protocol used by a packet's payload. When extension headers are present in the packet this field indicates which extension header follows. The values are shared with those used for the IPv4 protocol field, as both fields have the same function (see List of IP protocol numbers).
Hop Limit (8 bits) 
Replaces the time to live field of IPv4. This value is decremented by one at each intermediate node the packet visits. When the counter reaches 0 the packet is discarded.
Source Address (128 bits) 
The IPv6 address of the sending node.
Destination Address (128 bits) 
The IPv6 address of the destination node(s).

The header has no checksum to protect it, in order to increase routing speeds and because current link layer technology is assumed to provide sufficient error detection. Higher-level protocols are responsible for discarding mis-addressed packets.
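Because Version, Traffic Class and Flow Label share the first 32-bit word, decoding the fixed header is mostly bit shifting. The following is an added example, not code from the original page: it parses the 40-octet fixed header, compares Payload Length with the bytes actually captured, and handles the zero Payload Length case described above. The packet builder, the addresses from the 2001:db8::/32 documentation prefix and the field values are constructed; Next Header 0 for the Hop-by-Hop Options header is the assigned value.

```python
import ipaddress
import struct

HOP_BY_HOP = 0  # Next Header value of the Hop-by-Hop Options extension header


def parse_ipv6_fixed_header(packet: bytes) -> dict:
    """Decode the 40-octet fixed header and judge the declared length."""
    if len(packet) < 40:
        raise ValueError("truncated: the fixed header is 40 octets")
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version={version})")
    traffic_class = (first_word >> 20) & 0xFF
    captured = len(packet) - 40
    # Payload Length 0 with a Hop-by-Hop header next: the real length is in
    # the Jumbo Payload option, so it cannot be judged from the fixed header.
    jumbo_candidate = payload_length == 0 and next_header == HOP_BY_HOP
    if jumbo_candidate:
        length_check = "deferred"
    elif captured < payload_length:
        length_check = "truncated"
    elif captured > payload_length:
        length_check = "trailing bytes"
    else:
        length_check = "ok"
    return {
        "version": version,
        "dscp": traffic_class >> 2,        # 6 most significant bits
        "ecn": traffic_class & 0x03,       # remaining two bits
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "jumbo_candidate": jumbo_candidate,
        "length_check": length_check,
    }


def build_sample(payload: bytes, next_header: int = 17, payload_length=None) -> bytes:
    """Constructed packet: DSCP 46, ECN 0, flow label 0x12345, hop limit 64."""
    if payload_length is None:
        payload_length = len(payload)
    first_word = (6 << 28) | ((46 << 2) << 20) | 0x12345
    return (struct.pack("!IHBB", first_word, payload_length, next_header, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed
            + payload)


if __name__ == "__main__":
    for name, value in parse_ipv6_fixed_header(build_sample(b"\x00" * 8)).items():
        print(f"{name:16} {value}")
```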

In addition, there are many supporting protocols in the Network Layer, such as ICMP, to facilitate and manage the routing process.

Let’s take an example to explain the functions of the Internet Protocol. Suppose you have written one letter to a friend who lives outside your country and another letter to a friend who lives on the other side of town. To send these letters, you write the address on each envelope and drop it into a mailbox. The postal service then checks the address written on each letter, because the letter has to be delivered to the correct location, whether across town or outside the country. The letter is sent from one post office to the next, and then to the next, until it reaches your friend across the country. Local letters are sent to a post office in the town and then delivered to your friend across town.

The Internet Protocol (IP) works like the postal service. It defines a unique addressing scheme that allows each device in a network to be identified. It helps routers identify the path and the correct destination to which packets have to be delivered.

IP services given to TCP

The lines near John and Ruby represent the LANs. When John sends an HTTP GET request to Ruby, it is carried in an IP packet. The IP packet includes the IP header, the transport layer header (TCP) and the application layer header (HTTP). The IP header contains the source and destination address fields. John’s IP address is the destination address and Ruby’s address is the source address. When John sends the data packet to R2 (Router 2), a routing decision is taken and R2 sends the data packet to R1 (Router 1). R1 sends the data packet to Ruby because it knows that Ruby (10.10.01.1) is on the other side. If the connection between R2 and R1 fails, then R2 sends the packet to R3 (Router 3) so that it can reach Ruby (10.10.01.1).

Protocols at Internet layer

Some of the protocols at the internet layer are:

ICMP (Internet Control Message Protocol)

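ICMP Packet
Section | Bit 0 - 7 | Bit 8 - 15 | Bit 16 - 31
IP Header (20 bytes) | Version/IHL | Type of service | Length
IP Header (20 bytes) | Identification (bits 0 - 15) | flags and offset
IP Header (20 bytes) | Time To Live (TTL) | Protocol | Checksum
IP Header (20 bytes) | Source IP address
IP Header (20 bytes) | Destination IP address
ICMP Payload (8+ bytes) | Type of message | Code | Checksum
ICMP Payload (8+ bytes) | Quench
ICMP Payload (8+ bytes) | Data (optional)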


ICMP is considered a sub-protocol of IP because it helps control and manage the work of IP. The main purpose of ICMP is to give IP devices information about the status of their IP transmissions. Typically, it is used to report to hosts that there was an error in packet processing.

For example: when you try to connect to a remote host using the Telnet application, you enter the name of the host in the Telnet application and later you see a Destination Unreachable message. If the router has dropped the packet, then there is no other way to know that the destination was unreachable. This is where ICMP works. Instead of waiting for the connection, the Telnet application gets an ICMP message from the router saying that the destination was unreachable.

Destination Unreachable is one type of message that ICMP defines. The table below shows the full list of ICMP message types.

ICMP codes and message types


ICMP Code | ICMP Type
0 | Echo Reply
3 | Destination Unreachable
4 | Source Quench
5 | Redirect
8 | Echo Request
11 | Time Exceeded
12 | Parameter Problem
13 | Timestamp Request
14 | Timestamp Reply
15 | Information Request
16 | Information Reply

  1. ICMP Echo Request and Echo Reply: ICMP Echo Request and Echo Reply messages are sent and received by using the ping command. An Echo Request message means that the device to which it is addressed must reply to the packet. The request sent from a device includes some data, which is specified by the ping command. The data sent in the Echo Request is transmitted back in the Echo Reply.
  2. Destination Unreachable: The ICMP Destination Unreachable message is sent by a router in response to a packet which it cannot forward when the destination is unreachable or when a service is unreachable. A router must be able to generate the ICMP Destination Unreachable message and should be able to choose a response code that matches the reason for generating the message. Destination Unreachable defines six codes: Network Unreachable, Protocol Unreachable, Port Unreachable, Unable to Fragment and Source Route Failed.
  3. Network Unreachable code: It is generated by a router when the route to the destination network is not reachable. In other words, the network may exist but the router does not know where it is or how to get there, so it has dropped the packet and replies back.
  4. Host Unreachable code: It tells that the network is up and running but the destination is not responding. The destination host sends the Port Unreachable and Protocol Unreachable messages.
  5. Source Quench: A Source Quench message is generated if the router or host does not have sufficient buffer space to process the request, or when the router or host’s buffer is approaching its limit. Source Quench can be generated by any device or router, and any device can respond to a Source Quench message.
  6. Redirect: The ICMP Redirect message informs a device that it is using the wrong gateway (router). A gateway (router) sends a Redirect message in the following situation: when a router receives a packet from a host on a network, it checks the routing table for the destination network and forwards the packet to the next router. If it identifies that the next router is on the same network, it forwards the packet normally but sends a Redirect message informing the client that the fastest way to send is directly to the other router. This helps the client to enter the destination network and the alternate router as a new path in its routing table, shortening the path to the remote network.
  7. Time Exceeded: A Time Exceeded message is generated by a router to inform the source that the packet has been discarded because the time to live field has reached zero. A Time Exceeded message is also sent by a host when it fails to reassemble a fragmented packet within its time limit.
  8. Parameter Problem: If the router or host processing a datagram cannot understand a setting in the IP header, then it must discard the datagram. Typically, this message is sent when there are incorrect arguments in the options and the receiving device does not understand them.
  9. Timestamp Request and Timestamp Reply: The ICMP Timestamp message marks each packet with the times, in milliseconds past midnight, at which the sender sent the message, the receiver first received the message and the receiver sent the message back. Generally, it is used to calculate the delay and also for clock synchronization.
  10. Information Request and Information Reply: The ICMP Information message is used by a device to learn which network it is on. A device sends an IP packet with the source and destination address fields set to zero. A router replies with the network address of the network, which tells the device which network it is in.

ICMP is an internetwork layer protocol that provides messages to report errors and other information regarding IP packet processing back to the source. ICMP uses the Internet Protocol to carry ICMP data within it through a network. ICMP sends messages that perform the control, error reporting and informational functions for TCP/IP.

Functions of ICMP
  1. Flow control: when data packets arrive too fast for further processing, the destination computer sends an ICMP Source Quench message to the sender asking it to stop sending packets temporarily.
  2. Detecting unreachable destinations: when an ICMP Destination Unreachable message is sent by a router, it means that the router is unable to send the packet to its final destination.
  3. Redirecting routes: An ICMP Redirect message is sent by the router to the source host to provide more efficient routing. ICMP Redirect messages allow the host routing table to remain small, since the host is required to know the address of only one router, though that router does not give the best path.
  4. Checking remote host: A host sends an ICMP echo message to test whether the remote system’s Internet Protocol is working or not. An ICMP Echo Request, which is generated by the PING (Packet Internet Gopher) command, is used to check the physical connectivity.
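The Echo Request and Echo Reply behaviour described above can be shown as both sides of the exchange. The following is an added example, not code from the original page: it builds a request, produces the reply the addressed device would send, and applies the checks the sender makes before accepting it. It uses the standard echo layout (type, code, checksum, identifier, sequence number, data) with the checksum computed over the whole ICMP message; the identifier, sequence number and payload are constructed.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8  # message type values from the table above


def checksum(data: bytes) -> int:
    """16-bit one's complement checksum over the whole ICMP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, data: bytes) -> bytes:
    """Type, code 0, checksum, identifier, sequence number, then the data."""
    unsummed = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + data
    return unsummed[:2] + struct.pack("!H", checksum(unsummed)) + unsummed[4:]


def parse_echo(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("shorter than the 8-byte ICMP echo header")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    if msg_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        raise ValueError(f"not an echo message (type={msg_type}, code={code})")
    if checksum(message) != 0:
        raise ValueError("ICMP checksum mismatch")
    return {"type": msg_type, "id": ident, "seq": seq, "data": message[8:]}


def answer_echo(request: bytes) -> bytes:
    """What the addressed device does: send the same data back as a reply."""
    req = parse_echo(request)
    if req["type"] != ECHO_REQUEST:
        raise ValueError("only Echo Request is answered")
    return build_echo(ECHO_REPLY, req["id"], req["seq"], req["data"])


def reply_matches(request: bytes, reply: bytes) -> bool:
    """What the sender checks before counting a reply as an answer."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and (rep["id"], rep["seq"], rep["data"])
            == (req["id"], req["seq"], req["data"]))


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 7, b"constructed ping data")
    reply = answer_echo(request)
    print("request:", request.hex())
    print("reply:  ", reply.hex())
    print("reply accepted:", reply_matches(request, reply))
```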
Address Resolution protocol (ARP) :

Address Resolution Protocol (ARP) finds the hardware address of a device. ARP locates the physical computers for which the IP packets are destined within each network segment. When IP has a packet to be sent, it has to inform a network layer protocol such as Token Ring or Ethernet of the destination hardware address. If IP does not find the destination hardware address in the ARP cache, it uses ARP to find this address. ARP transmits a broadcast message asking the device with the specified IP address to send its hardware address. The device with that IP address responds to the ARP request. ARP translates the software address into a hardware address. The following figure shows a device sending an ARP message to another device.
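The request, reply and cache update described above, as an added example that is not code from the original page. It models only the 28-byte ARP body for Ethernet and IPv4 (the broadcast destination lives in the Ethernet frame that carries it, which is not modelled here). The Host class, the 192.0.2.0/24 addresses and the locally administered MAC addresses are constructed for illustration.

```python
import ipaddress
import struct

ARP_BODY = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2


def build_arp(oper: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    # Hardware type 1 (Ethernet), protocol type 0x0800 (IPv4), 6- and 4-byte addresses
    return struct.pack(ARP_BODY, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)


def parse_arp(message: bytes) -> dict:
    if len(message) < 28:
        raise ValueError("shorter than the 28-byte Ethernet/IPv4 ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_BODY, message[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if oper not in (REQUEST, REPLY):
        raise ValueError(f"unexpected operation {oper}")
    return {"oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


class Host:  # hypothetical model of one device on the segment
    def __init__(self, ip: str, mac: str):
        self.ip = ipaddress.IPv4Address(ip).packed
        self.mac = bytes.fromhex(mac.replace(":", ""))
        self.cache = {}  # IP address -> hardware address

    def who_has(self, target_ip: str) -> bytes:
        """Request for the hardware address that belongs to target_ip."""
        target = ipaddress.IPv4Address(target_ip).packed
        return build_arp(REQUEST, self.mac, self.ip, b"\x00" * 6, target)

    def receive(self, message: bytes):
        """Answer requests for our own IP; record replies addressed to us."""
        arp = parse_arp(message)
        if arp["tpa"] != self.ip:
            return None  # the broadcast reached us but is for another device
        if arp["oper"] == REQUEST:
            return build_arp(REPLY, self.mac, self.ip, arp["sha"], arp["spa"])
        self.cache[str(ipaddress.IPv4Address(arp["spa"]))] = arp["sha"].hex(":")
        return None


if __name__ == "__main__":
    a = Host("192.0.2.10", "02:00:00:00:00:0a")
    b = Host("192.0.2.20", "02:00:00:00:00:14")
    c = Host("192.0.2.30", "02:00:00:00:00:1e")
    request = a.who_has("192.0.2.20")
    replies = [r for r in (h.receive(request) for h in (b, c)) if r]
    for reply in replies:
        a.receive(reply)
    print(a.cache)
```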

Reverse Address Resolution protocol (RARP) : 
RARP is used to find the IP address for a diskless machine by sending a packet which includes its MAC address and a request for the IP address assigned to that MAC address. A designated machine, known as the RARP server, replies to the request with the device’s IP address.
