Chapter5 Internet Protocol


Chapter-5

Internet Protocol
Prepared By: Mr. V. D. Chougule
Contents
• IP Datagram format
• Fragmentation and reassembly models
• ARP
• RARP
• ICMP
• IGMP
Internet Protocol
• The Internet Protocol (IP) is the transmission mechanism
used by the TCP/IP protocols at the network layer.
• Figure shows the position of IP in the suite.
IP Datagram
• Packets in the network (internet) layer are called datagrams.
• An IP datagram is divided into two parts: header and data.
• It is customary in TCP/IP to show the header in 4-byte sections.
IP Datagram
• The following shows the IP Datagram header format in 4-byte
sections
IP Datagram
• Version (VER)
– This 4-bit field defines the version of the IP protocol.
Currently the version is 4.
• Header length (HLEN)
– This 4-bit field defines the total length of the datagram
header
• Service type
– In the original design of the IP header, this field was called
type of service (TOS) and defined how the datagram should be
handled.
– This field now defines a set of differentiated services.
• Total length
IP Datagram
• Identification
• Uniquely identifies the datagram. This field is used in
fragmentation.
• When a datagram is fragmented, the value in the
identification field is copied into all fragments.
• i.e. all fragments have the same identification number, same
as the original datagram.
• The identification no. helps the destination in reassembling
the datagram.
• Flags: This field is used in fragmentation process. This is a
three-bit field
IP Datagram
• The first bit is reserved (not used). The second bit is called
the do not fragment bit.
• If its value is 1, the machine must not fragment the
datagram.
• If it cannot pass the datagram through any available
physical network, it discards the datagram and sends an
ICMP error message to the source host.
• If its value is 0, the datagram can be fragmented if
necessary.
• The third bit is called the more fragment bit. If its value is
1, it means the datagram is not the last fragment; there
are more fragments after this one.
• If its value is 0, it means this is the last or only fragment
IP Datagram
• Fragmentation offset
• This field is used in fragmentation process.
• It is used to indicate the starting position of the data in the
fragment in relation to the start of the data in the original
packet.
• It is the offset of the data in the original datagram, measured
in units of 8 bytes (the number of the first byte of a fragment
must be divisible by 8).
• Time to live (TTL): Specifies the lifetime of a datagram.
IP Datagram
• Protocol: This field specifies the final destination protocol to
which the IP datagram should be delivered.
• Checksum: Used for error detection in the datagram.
• Source address (32-bit): Defines the IP address of the source.
• Destination address (32-bit): Defines the IP address of the
destination.
Fragmentation
• For transmission through different physical networks, the IP
datagram is divided; this is called fragmentation.
• A datagram travels through different networks (LAN - WAN).
• Each router decapsulates the IP datagram from the frame it
receives, processes it, and then encapsulates it in another
frame.
• In most cases, each data link layer (DLL) protocol has its own
frame format.
• So a restriction is imposed on the size of the data field in the
frame: the MTU (Maximum Transfer Unit).
Fragmentation
• Only data in a datagram is fragmented.
• When a datagram is fragmented, each fragment has its own
header with most of the fields repeated, but some changed.
• Datagram can be fragmented several times before it reaches
the final destination.
• A datagram can be fragmented by the source host or by any
router in the path.
• The datagram is reassembled only by the destination host.
• For a fragmented datagram, the values of the following fields
are changed:
– Identification (Not changed…but used)
– Flags
– Fragmentation offset, and
– Total length (changed)
– Value of Checksum is also recalculated
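The fragmentation rules above, carried through as an added example (not part of the original slides). It assumes a 20-byte header without options; the function names, addresses and the 4000-byte payload are constructed for illustration.

```python
import struct

FMT = "!BBHHHBBH4s4s"        # 20-byte IPv4 header, no options (assumption)
DF, MF = 0b010, 0b001        # 3-bit flags field: reserved, DF, MF

def checksum(header):
    """16-bit one's-complement sum; a header with a valid checksum yields 0."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(ident, flags, offset, ttl, proto, src, dst, data):
    """Build a datagram; offset is in 8-byte units, checksum is recalculated."""
    def header(csum):
        return struct.pack(FMT, 0x45, 0, 20 + len(data), ident,
                           (flags << 13) | offset, ttl, proto, csum, src, dst)
    return header(checksum(header(0))) + data

def parse(pkt):
    """Return the header fields and data after verifying length and checksum."""
    vh, _, total, ident, ff, ttl, proto, _, src, dst = struct.unpack(FMT, pkt[:20])
    if vh != 0x45 or total != len(pkt) or checksum(pkt[:20]) != 0:
        raise ValueError("malformed datagram")
    return dict(id=ident, flags=ff >> 13, offset=ff & 0x1FFF, ttl=ttl,
                proto=proto, src=src, dst=dst, total=total, data=pkt[20:])

def fragment(pkt, mtu):
    """Split only the data so that each fragment fits the given MTU."""
    h = parse(pkt)
    if h["total"] <= mtu:
        return [pkt]
    if h["flags"] & DF:
        raise ValueError("DF set: discard and send ICMP error to the source")
    step = (mtu - 20) // 8 * 8           # data bytes per fragment, multiple of 8
    data, out = h["data"], []
    for start in range(0, len(data), step):
        more = MF if start + step < len(data) else h["flags"] & MF
        out.append(build(h["id"], more, h["offset"] + start // 8, h["ttl"],
                         h["proto"], h["src"], h["dst"], data[start:start + step]))
    return out

def reassemble(frags):
    """Destination host: rebuild the data, rejecting gaps, overlaps, mixed IDs."""
    parts = sorted(map(parse, frags), key=lambda h: h["offset"])
    if len({(h["id"], h["src"], h["dst"], h["proto"]) for h in parts}) != 1:
        raise ValueError("fragments of different datagrams")
    data = b""
    for h in parts:
        if h["offset"] * 8 != len(data):
            raise ValueError("gap or overlap between fragments")
        data += h["data"]
    if parts[-1]["flags"] & MF:
        raise ValueError("last fragment (MF = 0) is missing")
    return data

# Constructed sample: 4000 data bytes crossing a network whose MTU is 1420.
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
DATA = bytes(range(250)) * 16
FRAGS = fragment(build(0x3039, 0, 0, 64, 17, SRC, DST, DATA), 1420)
```

The three fragments carry offsets 0, 175 and 350 with the same identification; fragmenting the middle one again for a smaller MTU keeps its more-fragment bit set on both pieces.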
ARP: Address Resolution Protocol
• Delivery of a packet to a host or a router requires
two levels of addressing:
1. Logical Address (LA) and
2. Physical Address (PA)
• ARP maps a LA to its corresponding PA (and RARP:
vice versa).
• LA ↔ PA mapping:
1. Static mapping or
2. Dynamic mapping
1. Static Mapping

• In static mapping (SM), a table is created that associates
a LA with a PA.
• This table is stored in each machine on the network.
• Limitations arise because PAs may change in the
following ways:
– A machine could change its NIC.
– In some LANs, such as LocalTalk, the PA changes every time
the computer is turned on.
• To implement these changes, a SM table must be
updated periodically.
• This overhead affects network performance.
2. Dynamic Mapping
• In dynamic mapping (DM), each time a machine knows the
LA of another machine, it uses a protocol to find the PA.
• Two protocols have been designed to perform
dynamic mapping:
1. Address Resolution Protocol (ARP)
2. Reverse Address Resolution Protocol (RARP)
• ARP maps a LA to a PA.
• RARP maps a PA to a LA.
Address Resolution Protocol (ARP)

• Fig: The position of ARP in the TCP/IP protocol suite.
• ARP accepts a LA from the IP protocol, maps the
address to the corresponding PA, and passes it to the
DLL.
ARP Operation: (Request & Reply Operations)

• If a host or router needs to find the PA of another
host or router on its network, it sends
(broadcasts) an ARP query / request packet.
• The packet contains PA and IP addresses of the
sender and the IP address of the receiver.
• Because the sender does not know the PA of
the receiver.
• Request packet is multicast.
• Fig. shows the ARP Request operation:
ARP Request operation

• Receiver (B) sends back an ARP reply / response packet.
• The reply / response packet contains B’s IP and PA + A’s IP &
PA.
• The packet is unicast directly to the Sender.
• An ARP packet is encapsulated directly into a data link frame.
• E.g., in Figure an ARP packet is encapsulated in an Ethernet
frame.
• The TYPE field indicates that the data carried by the frame is
an ARP packet.
ARP: Packet Format
• Hardware type (16-bit): Defines the type of the network
on which ARP runs. E.g., Ethernet is given the type 1.
• Protocol type (16-bit): Defines the protocol. E.g., for the
IPv4 protocol the value is 0800 in hexadecimal (0x0800).
• Hardware length (8-bit): Defines the length of the PA in
bytes. E.g., Ethernet: 6.
• Protocol length (8-bit): Defines the length of the LA in
bytes. E.g., IPv4: 4.
• Operation (16-bit): Defines the type of packet: ARP
request (1), ARP reply (2).
• Sender hardware address (variable-length field): Defines
the PA of the sender. E.g., Ethernet: 6 bytes long.
ARP: Packet Format
• Sender protocol address (variable-length field):
Defines the LA (IP) of the sender. E.g., IP protocol: 4
bytes.
• Target hardware address (variable-length field):
Defines the PA of the target. E.g., Ethernet: 6 bytes
long. For an ARP request message, this field is all 0s.
• Target protocol address (variable-length field):
Defines the LA (IP) of the target. For the IPv4
protocol, this field is 4 bytes long.
ARP Process
• The sender knows the IP address of the target.
• IP asks ARP to create an ARP request message (sender PA &
IP address + target IP address). This message is broadcast.
• The message is passed to the DLL where it is encapsulated
in a frame.
• Every host or router receives the frame. All machines except
the one targeted drop the packet. The target machine
recognizes the IP address.
• The target machine replies with an ARP reply message that
contains its PA. The message is unicast.
• The sender receives the reply message. It now knows the
physical address of the target machine.
• The IP datagram, which carries data for the target machine,
is now encapsulated in a frame and is unicast to the
destination.
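The packet format and the request/reply process above, as an added example (not part of the original slides). The Ethernet TYPE value 0x0806 for ARP is the standard value and is not given on the slides; the helper names and the three hosts A, B and C are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806       # Ethernet TYPE value that marks an ARP packet
REQUEST, REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa):
    """ARP packet for Ethernet (type 1, length 6) and IPv4 (0x0800, length 4)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)

def parse_arp(pkt):
    """Validate the fixed fields before trusting the address fields."""
    if len(pkt) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (REQUEST, REPLY) or len(pkt) < 28:
        raise ValueError("bad operation or truncated addresses")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", pkt[8:28])
    return dict(op=op, sha=sha, spa=spa, tha=tha, tpa=tpa)

def frame(dst, src, arp):
    """Encapsulate the ARP packet directly in an Ethernet frame."""
    return dst + src + struct.pack("!H", ETHERTYPE_ARP) + arp

def make_request(my_mac, my_ip, target_ip):
    """Sender: target hardware address is all 0s and the frame is broadcast."""
    arp = build_arp(REQUEST, my_mac, my_ip, bytes(6), target_ip)
    return frame(BROADCAST, my_mac, arp)

def on_frame(raw, my_mac, my_ip):
    """Receiver: answer with a unicast reply only if we are the target."""
    if raw[12:14] != struct.pack("!H", ETHERTYPE_ARP):
        return None
    arp = parse_arp(raw[14:])
    if arp["op"] != REQUEST or arp["tpa"] != my_ip:
        return None                  # machines other than the target drop it
    reply = build_arp(REPLY, my_mac, my_ip, arp["sha"], arp["spa"])
    return frame(arp["sha"], my_mac, reply)

def learn(raw, my_mac, asked_ip, cache):
    """Sender: store the PA from a reply sent to us for the IP we asked about."""
    arp = parse_arp(raw[14:])
    if raw[:6] == my_mac and arp["op"] == REPLY and arp["spa"] == asked_ip:
        cache[asked_ip] = arp["sha"]
    return cache

# Constructed sample hosts on one network (addresses are made up).
A = (bytes.fromhex("020000000001"), bytes([192, 0, 2, 1]))
B = (bytes.fromhex("020000000002"), bytes([192, 0, 2, 2]))
C = (bytes.fromhex("020000000003"), bytes([192, 0, 2, 3]))
REQ = make_request(*A, B[1])
RESP = on_frame(REQ, *B)
CACHE = learn(RESP, A[0], B[1], {})
```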
Cases in ARP
• Case 1: LA is mapped to PA. LA = IP address of the
destination.
• Case 2: LA is mapped to PA. LA = IP address of
a router (next hop).
• Case 3: LA is mapped to PA. LA = IP address of
a router (next hop).
• Case 4: LA is mapped to PA. LA = IP address of the
destination.
Proxy ARP
• The proxy ARP technique is used to create a
subnetting effect.
• A proxy ARP is an ARP that acts on behalf of a set
of hosts.
• If a router running a proxy ARP receives an ARP
request looking for the IP address of one of these
hosts, the router sends an ARP reply with its own
PA.
• After the router receives the actual IP packet, it
sends the packet to the appropriate host or
router.
Proxy ARP
• In Figure the ARP installed on the right-hand host will answer
only to an ARP request with a target IP address of
141.23.56.23.
• However, the administrator may need to create a subnet
without changing the whole system to recognize subnetted
addresses.
• One solution is to add a router running a proxy ARP. In this
case, the router acts on behalf of all of the hosts installed on
the subnet.
• When it receives an ARP request with a target IP address that
matches the address of one of its protégés (141.23.56.21,
141.23.56.22, and 141.23.56.23), it sends an ARP reply and
announces its hardware address as the target hardware
address.
• When the router receives the IP packet, it sends the packet to
the appropriate host.
Internet Control Message Protocol (ICMP)
• The IP protocol has no error-reporting or
error-correcting mechanism.
• The IP protocol has no built-in mechanism to notify the
original host.
• The IP protocol also lacks a mechanism for host and
management queries.
• A host sometimes needs to determine if a router or
another host is alive.
• And sometimes a network manager needs information
from another host or router.
• The ICMP has been designed to compensate for the
above deficiencies.
Internet Control Message Protocol (ICMP)
• It is a companion to the IP protocol.
• Figure shows the position of ICMP in relation to IP
and other protocols in the network layer.

• ICMP itself is a network layer protocol.
• However, its messages are not passed directly to the
data link layer as would be expected.
• Instead, the messages are first encapsulated inside IP
datagrams before going to the lower layer.
ICMP Messages

• ICMP messages are divided into two broad
categories: error-reporting messages and query
messages.
• The error-reporting messages report problems that a
router or a host (destination) may encounter when it
processes an IP packet.
• The query messages, which occur in pairs, help a
host or a network manager get specific information
from a router or another host.
ICMP Messages

• Table lists the ICMP messages in each category.


Error Reporting Messages
• One of the main responsibilities of ICMP is to report
errors.
• IP is an unreliable protocol.
• This means that error checking and error control are not
a concern of IP.
• ICMP was designed to compensate for this shortcoming.
• However, ICMP does not correct errors, it simply reports
them.
• Error correction is left to the higher-level protocols.
• Error messages are always sent to the original source
because the only information available in the datagram
about the route is the source and destination IP
addresses.
• ICMP uses the source IP address to send the error
message to the source (originator) of the datagram.
Error Reporting Messages
• Five types of errors are handled:
Error Reporting Messages

• The following are important points about ICMP error
messages:
• No ICMP error message will be generated in response
to a datagram carrying an ICMP error message.
• No ICMP error message will be generated for a
fragmented datagram that is not the first fragment.
• No ICMP error message will be generated for a
datagram having a multicast address.
• No ICMP error message will be generated for a
datagram having a special address such as 127.0.0.0 or
0.0.0.0.
Query Messages
• In addition to error reporting, ICMP can also diagnose
some network problems.
• This is accomplished through the query messages.
• A group of five different pairs of messages has been
designed for this purpose.
• Only two pairs are used today: echo request and reply
and timestamp request and reply.
• In this type of ICMP message, a node sends a message
that is answered in a specific format by the destination
node.
• An echo-request message can be sent by a host or
router.
• An echo-reply message is sent by the host or router
that receives an echo-request message.
Query Messages
• The data section in error messages carries information for
finding the original packet that had the error.
• In query messages, the data section carries extra
information based on the type of the query.

General format of ICMP messages


Destination Unreachable Error
• When a router cannot route a datagram or a host
cannot deliver a datagram, the datagram is discarded
and the router or the host sends a
destination-unreachable message back to the source
host that initiated the datagram.
• Figure shows the format of the
destination-unreachable message.
• The code field for this type specifies the reason for
discarding the datagram.
Destination Unreachable Error
• Destination-unreachable messages with codes 2 or 3 can be
created only by the destination host.
• Other destination-unreachable messages can be created
only by routers.
• A router cannot detect all problems that prevent the
delivery of a packet.
• Code 0. The network is unreachable, possibly due to
hardware failure.
• Code 1. The host is unreachable. This can also be due to
hardware failure.
• Code 2. The protocol is unreachable.
• Code 3. The port is unreachable.
• Code 4. Fragmentation is required, but the DF (do not
fragment) field of the datagram has been set.
• Code 5. Source routing cannot be accomplished.
Source Quench Error
• The IP protocol is a connectionless protocol.
• There is no flow-control or congestion-control
mechanism in the IP protocol.
• The source-quench message in ICMP was designed to
add a kind of flow control and congestion control to
the IP.
• When a router or host discards a datagram due to
congestion, it sends a source-quench message to the
sender of the datagram.
• This message has two purposes.
• First, it informs the source that the datagram has been
discarded.
• Second, it warns the source that there is congestion
somewhere in the path and that the source should
slow down (quench) the sending process.
Source Quench Error

• One source-quench message is sent for each
datagram that is discarded due to congestion.
• The source-quench format is shown in Figure.
DEBUGGING TOOLS

• There are several tools that can be used in the
Internet for debugging, i.e., to find if a host or
router is alive and running.
• Two commonly used tools that use ICMP for
debugging are ping and traceroute.
Ping

• The ping program can be used to find if a host is
alive and responding.
• The source host sends ICMP echo request
messages (type: 8, code: 0); the destination, if
alive, responds with ICMP echo reply messages.
• The ping program sets the identifier field in the
echo request and reply message and starts the
sequence number from 0; this number is
incremented by one each time a new message is
sent.
Traceroute

• The traceroute program in UNIX or tracert in
Windows can be used to trace the route of a packet
from the source to the destination.
Traceroute

• Given the topology, we know that a packet
from host A to host B travels through routers
R1 and R2.
• However, most of the time, we are not aware
of this topology.
• There could be several routes from A to B.
• The traceroute program uses the ICMP
messages and the TTL (time to live) field in the
IP packet to find the route.
ICMP PACKAGE
• The ICMP package is made of two modules: an input
module (which receives ICMP messages) and an output
module (which handles the sending).
Input Module

• The input module handles all received ICMP
messages.
• If the received packet is a request, the module
creates a reply and sends it out.
• If the received packet is a redirection message,
the module uses the information to update the
routing table.
• If the received packet is an error message, the
module informs the protocol about the situation
that caused the error.
Output Module
• The output module is responsible for creating request,
solicitation, or error messages requested by a higher
level or the IP protocol.
• If the demand is from IP, the output module must first
check that the request is allowed.
• An ICMP message cannot be created in four situations:
an IP packet carrying an ICMP error message, a
fragmented IP packet, a multicast IP packet, or an IP
packet having IP address 0.0.0.0 or 127.X.Y.Z.
• The output module may also receive a demand from
an application program to send one of the ICMP
request messages.
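The check the output module must make, together with the earlier points about ICMP error messages and destination-unreachable codes, as an added example (not part of the original slides). The numeric ICMP error types are the standard values and are not listed on the slides; the fragment rule follows the earlier wording (only a non-first fragment is refused), the special-address test is applied to both addresses as an assumption, and all names and sample datagrams are constructed.

```python
import ipaddress
import struct

# ICMP error-reporting types (standard values, not listed on the slides):
# destination unreachable, source quench, redirection, time exceeded,
# parameter problem.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
HOST_ONLY_CODES = {2, 3}     # protocol / port unreachable

def icmp_error_allowed(datagram):
    """Return (allowed, reason) for reporting an error about this datagram."""
    if len(datagram) < 20:
        return False, "truncated IP header"
    vh, _, _, _, ff, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", datagram[:20])
    hlen = (vh & 0x0F) * 4               # HLEN counts 4-byte words
    if vh >> 4 != 4 or hlen < 20 or len(datagram) < hlen:
        return False, "malformed IP header"
    if ff & 0x1FFF:                      # non-zero fragmentation offset
        return False, "not the first fragment"
    if proto == 1:                       # the datagram itself carries ICMP
        if len(datagram) == hlen:
            return False, "ICMP type unreadable"
        if datagram[hlen] in ICMP_ERROR_TYPES:
            return False, "carries an ICMP error message"
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if dst.is_multicast:
        return False, "multicast address"
    if any(a.is_unspecified or a.is_loopback for a in (src, dst)):
        return False, "special address"
    return True, "ok"

def plan_unreachable(datagram, code, sender_is_router):
    """Decide whether this node may send destination unreachable with `code`."""
    ok, why = icmp_error_allowed(datagram)
    if not ok:
        return ok, why
    if code not in range(6):
        return False, "code not described here"
    if (code in HOST_ONLY_CODES) == sender_is_router:
        return False, "code not valid for this kind of sender"
    if code == 4 and not struct.unpack("!H", datagram[6:8])[0] & 0x4000:
        return False, "code 4 requires the DF bit to be set"
    return True, "ok"

def sample(proto, src, dst, flags_off=0, payload=b""):
    """Constructed test datagram; header checksum left 0 (not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                       flags_off, 64, proto, 0, bytes(src), bytes(dst)) + payload
```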
IGMP (Internet Group Management Protocol)
• The IGMP is responsible for collecting and interpreting
information about group members in a network.
• It is one of the protocols designed at the IP layer for this
purpose.
• IGMP is a group management protocol.
• It helps a multicast router create and update a list of loyal
members related to each router interface.
IGMP Messages
Membership Query Message Format

• A membership query message is sent by a router to
find active group members in the network.
Membership Query Message Format

• Type. This 8-bit field defines the type of the message.
The value is 0x11 for a membership query message.
• Maximum Response Code. This 8-bit field is used to
define the response time of a recipient of the query.
• Checksum. This is a 16-bit field holding the checksum.
• Group Address. This 32-bit field is set to 0 in a general
query message.
• Resv. This 4-bit field is reserved for the future and it is
not used.
• S. This is a 1-bit suppress flag. When this field is set to
1, it means that the receivers of the query message
should suppress the normal timer updates.
Membership Query Message Format

• QRV. This 3-bit field is called querier’s robustness
variable. It is used to monitor the robustness in
the network.
• QQIC. This 8-bit field is called querier’s query
interval code.
• Number of sources (N). This 16-bit field defines
the number of 32-bit unicast source addresses
attached to the query.
• Source Addresses. These multiple 32-bit fields list
the N source addresses, the origin of multicast
messages.
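A parser for the membership query layout listed above, as an added example (not part of the original slides). It assumes the fields appear in the order listed, with Resv, S and QRV sharing one byte; the rule that a non-zero group address must be a multicast address is an assumption added here, the checksum is returned but not verified, and `build_query` with its sample values is a constructed helper.

```python
import ipaddress
import struct

FIXED = "!BBH4sBBH"          # type, max resp code, checksum, group,
                             # Resv|S|QRV, QQIC, number of sources (12 bytes)

def parse_membership_query(msg):
    """Parse a membership query; raise ValueError if it is malformed."""
    if len(msg) < 12:
        raise ValueError("shorter than the fixed 12-byte part")
    mtype, max_resp, csum, group, bits, qqic, n = struct.unpack(FIXED, msg[:12])
    if mtype != 0x11:
        raise ValueError("not a membership query")
    if len(msg) != 12 + 4 * n:
        raise ValueError("N does not match the message length")
    group = ipaddress.IPv4Address(group)
    if int(group) != 0 and not group.is_multicast:
        raise ValueError("group address is neither 0 nor multicast")
    sources = [str(ipaddress.IPv4Address(msg[i:i + 4]))
               for i in range(12, len(msg), 4)]
    return {
        "max_resp_code": max_resp,
        "checksum": csum,                    # returned, not verified here
        "general_query": int(group) == 0,    # group address 0 = general query
        "group": str(group),
        "resv": bits >> 4,                   # 4 reserved bits
        "s": (bits >> 3) & 1,                # suppress flag
        "qrv": bits & 0b111,                 # querier's robustness variable
        "qqic": qqic,
        "sources": sources,
    }

def build_query(group, s, qrv, qqic, sources, max_resp=100):
    """Constructed sample builder; the checksum field is left as 0."""
    head = struct.pack(FIXED, 0x11, max_resp, 0,
                       ipaddress.IPv4Address(group).packed,
                       (s << 3) | qrv, qqic, len(sources))
    return head + b"".join(ipaddress.IPv4Address(a).packed for a in sources)

# Constructed samples: a general query and a query listing two sources.
GENERAL = parse_membership_query(build_query("0.0.0.0", 1, 2, 125, []))
SPECIFIC = parse_membership_query(
    build_query("239.1.2.3", 0, 2, 125, ["192.0.2.10", "192.0.2.11"]))
```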
Membership Report Message Format

• Type. This 8-bit field with the value 0x22 defines the
type of the message.
• Checksum. This is a 16-bit field carrying the checksum.
• Number of Group Records (M). This 16-bit field
defines the number of group records carried by the
packet.
• Number of Group Records. There can be zero or more
group records of variable length.
• Each group record includes the information related to
the responder’s membership in a single multicast
group.
Membership Report Message Format
• Record Type. Currently there are six record types as shown in
Table:

• Aux Data Len. This 8-bit field defines the length of the auxiliary
data included in each group record.
• Number of Sources (N). This 16-bit field defines the number of
32-bit multicast source addresses attached to the report.
• Source Addresses. These multiple 32-bit fields list the M
source addresses.
• Aux Data. This field contains any auxiliary data that may be
included in the report message.
