IPv4 (Internet Protocol version 4)

Need of Network layer addressing ? IPv4 Allocation techniques IPv4 header

OPM

Internet Protocol (IP)

Internet Protocol is layer three protocol used to identify host , intermediate devices and different networks uniquely all over the world during packet transmission.

The internet layer facilitates internetworking, which is the concept of connecting multiple networks with each other through network gateways.

OPM

Basic functions of Network layer

For outgoing packets, select the next-hop device (router or gateway) and transmit the packet to link layer. For incoming packets, capture packets and pass the packet payload to the appropriate transport-layer protocol.

OPM

IPv4
IPv4 was described in RFC 791 (September 1981).
IPv4 is a connectionless protocol for use on Packet switched networks.

It operates on a best effort service model, in that it does not guarantee delivery, nor does it assure proper sequencing or avoidance of duplicate delivery. These aspects are addressed by an transport protocol, such as TCP and UDP.

OPM

IPv4 (cont.)
IPv4 uses 32 bits addresses, which limits the address space to 4294967296 (232) addresses.
IPv4 address exhaustion (occurred on February 3, 2011) significantly delayed by following addressing changes such as
Classful network design, Classless network design (Classless Inter Domain Routing CIDR), Network Address Translation (NAT). Dynamic Host Configuration Protocol (DHCP)

OPM

Dotted-decimal notation and binary notation for an IPv4 address

OPM

Private Network IP address

The following three blocks of IP addresses are reserved for use in private networks.

These IP addresses are not routable outside of private networks, and private machines cannot directly communicate with public networks.
They can, however, do so through network address translation (NAT).

OPM

Some special address blocks

Link-local addressing special address block 169.254.0.0/16 for link-local addressing, only valid on links connected to a host . These addresses are not routable so cannot be the source or destination of packets traversing the internet (public network). These addresses are primarily used when a host cannot obtain an IP address from a DHCP server or other internal configuration methods. Loopback The class A network 127.0.0.0 (classless network 127.0.0.0/8) is reserved for loopback. IP packets with source addresses belong to this network never appear outside a host. IP packets with source and destination addresses belong to the network (or subnetwork) of the same loopback interface are returned back to that interface, hence can be used to check network interface port of a host device.

Addresses ending in 0 or 255 Class C networks in classful networking, and networks with CIDR prefixes /24 to /32 (255.255.255.0255.255.255.255) can not have an address ending in 0 or 255. OPM 8 In networks except class C, the IP addresses ending with 0 and 255 can be used.

Classful IP allocation Technique

OPM

Netid and hostid

OPM

10

Number of blocks and block size in classful IPv4 addressing

OPM

11

Classless IP allocation Technique (CIDR)

In IPv4 addressing, a block of addresses can be defined as x.y.z.t /n in which x.y.z.t defines one of the addresses and the /n defines the mask.

OPM

12

Each IP address contains information of Network & Host number

The leftmost n bits (prefix) define the network Number. The total number of Networks in the block can be found by using the formula 2 n. The rightmost 32 n bits define the host number. The total number of host addresses in the block can be found by using the formula 232n.

OPM

13

Configuration and addresses in a subnetted network

OPM

14

Three-level hierarchy in an IPv4 address

OPM

15

NAT implementation

OPM

16

Addresses in a NAT

OPM

17

NAT address translation

OPM

18

Example: Five-column translation table

OPM

19

IP Datagram Format (with header)

bit # 0 version header length Identification time-to-live (TTL) protocol source IP address destination IP address options (0 to 40 bytes) payload 7 8 DS 15 16 ECN 0 D M F F 23 24 31 total length (in bytes) Fragment offset header checksum

4 bytes

20 bytes Header Size < 24 x 4 bytes = 60 bytes 20 bytes Total Length < 216 bytes = 65536 bytes
OPM 20

IPv4 header fields

Version:- 4 bits field, for IPv4 field value is 4 .
IHL (Internet Header Field):- 4 bits field, which is the number of 32-bit word in the header. this field specifies the size of the header (this also coincides with the offset to the data). The minimum value for this field is 5 (RFC 791), which is a length of 532 = 160 bits = 20 bytes. Being a 4-bit value, the maximum length is 15 words (1532 bits) or 480 bits = 60 bytes.

OPM

21

IPv4 header fields (cont.)

Type of Service (originally defined ):- 8-bits field
Differentiated Services (DS 6-bits defines type of services like control, data, real-time streaming etc. Explicit Congestion Notification (ECN 2-bits allows end-to-end notification of network congestion without dropping packets).

OPM

22

IPv4 header fields (cont.)

Total length : 16-bits field defines the entire packet (fragment) size, including header and data, in bytes (octet). The minimum-length packet is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535 bytes the maximum value of a 16bit word.

Identification : uniquely identifies a datagram or must be copied in fragments. Retransmission of a packet carries the same identification number. Some experimental work has suggested using the ID field for other purposes, such as for adding packet-tracing information to help trace datagrams with spoofed source addresses

OPM

23

IPv4 header fields (cont.)

Flags:- 3-bits field,
used to control or identify fragments. They are (in order, from high order to
low order). bit 0: Reserved; must be zero. bit 1: Don't Fragment (DF), set (1) for dont fragment, clear (0) for fragment bit 2: More Fragments (MF), set (1) for more fragment follows, clear (0) for no fragment and last fgagment.

Fragment Offset:- 13-bits long field,

measured in units of eight-byte blocks, specifies the offset of a particular fragment relative to the beginning of the original un-fragmented IP datagram. The first fragment has an offset of zero. This allows a maximum offset of (213 1) 8 = 65,528 bytes, which would exceed the maximum IP packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548 bytes).
OPM 24

IPv4 header fields (cont.)

Time To Live (TTL):- 8-bits field
helps prevent datagram from persisting (e.g. going in circles) on an internet. This field limits a datagram's lifetime.
The field has become a hop-countwhen the datagram arrives at a router, the router decrements the TTL field by one. When the TTL field hits zero, the router discards the packet and typically sends a ICMP time exceeded message to the sender. The program traceroute uses these ICMP Time Exceeded messages to print the routers used by packets to go from the source to the destination.
OPM 25

IPv4 header fields (cont.)

Protocol :- 8-bit field
This field defines the protocol (TCP or UDP) used in the data portion of the IP datagram.

Checksum :- 16-bit field (checksum of 16-bit blocks) used for error-checking of the header.
Checksum is calculated as 1s complement of sum of 1s complement of all 16-bit blocks of IP header. When a packet arrives at a router, the router calculates the checksum of the header and compares it to the checksum field. If the values do not match, the router discards the packet. Errors in the data field must be handled by the encapsulated protocol. When a packet arrives at a router, the router decreases the TTL field. Consequently, the router must calculate a new checksum.
OPM 26

IPv4 header fields (cont.)

Source address: This field is the IPv4 address of the sender of the packet. This address may be changed in transit by a Network Address Translation device.

Destination address: This field is the IPv4 address of the receiver of the packet. As with the source address, this may be changed in transit by a Network Address Translation device.

OPM

27

IPv4 header fields (cont.)

Options: The options field is not often used. The list of options may be terminated with an EOL (End Of Option list, 0x00) option; this is only necessary if there is any option entries in header. The possible options that can be put in the header are as follows: Copy (1 bit) Option class (2 bits) Option Number (5 bits)

Copy : Set to 1 if the options need to be copied into all fragments of a fragmented packet. Option Class : options category. 0 is for datagram or network control" options, and 2 is for "debugging and measurement". 1, and 3 are reserved.
Option Number : value 0 for end of option list, 3 for loose source route, 7 for record route, 9 for strict source route, 11 for MTU probe, 18 for traceroute program to find routers along a path etc.

OPM

28

Address spoofing
Sender can put any source address in packets he sends:
Can be used to send undesired return traffic to the spoofed address Can be used to bypass filters to send undesired traffic to the destination

Reverse Path verification can be used by routers to broadly catch some spoofers using option field.

OPM

29

Fragmentation
May need to fragment an IP packet if one data link along the way cannot handle the packet size
Perhaps path is a mix of different Hardwares. Perhaps unexpected encapsulation makes the packet larger than the source expected Hosts try to understand Maximum Transmission Unit (MTU) to avoid the need for fragmentation (which causes a performance hit)

Any device along the way can fragment (in IPv4 only)
Identification field identifies all elements of the same fragment Fragmentation stored in the MF (more fragments) and fragment offset fields Devices can reassemble too But generally the destination does the reassembly

OPM

30

Basic IPv4 Routing

Static routing. Used by hosts and some firewalls and routers.

Routing table consists of entries of
Networks gateways, Next hop addresses, other routers information etc.

May have routing table per incoming interface To route a packet, take the destination address and find the best match network in the table. In case of a tie look at the metric
Use the corresponding next hop address and interface to send the packet on. The next hop address is on the same link as this device, so you use the next hops data-link address, e.g. ethernet MAC address

Decrement time to live field in IP header at each hop . Drop packet when it reaches 0
Attempt to avoid routing loops TTL fields maximum value is 255.

OPM

31

Source Based Routing

In the IP Options field, can specify a source route
Was conceived of as a way to ensure some traffic could be delivered through predefined path irrespective of routing tables.

Can be used by the network attacker to avoid security enforcing devices

OPM

32

Dynamic Routing Protocols

For scaling, discover topology and routing rather than statically constructing routing tables
Open Shortest Path First (OSPF): Used for routing within an administrative domain
Traffic diversion by considering current status of a particular path Border Gateway Protocol (BGP): Used for routing between administrative domains.

OPM

33