CHAPTER 10

IP PROTOCOLS
10.1 About This Chapter
The Internet Protocol (IP) is the centre piece of the Internet and IP-suite of
protocols. It established itself as the most widely-used data networking protocol. It
provides an interface function on which the Internet is based. IP is used not only in end
devices which access the Internet but also between the nodes of wide area data networks.
A good understanding of IP is necessary to continue on to TCP and UDP, because
the IP is the component that handles the movement of datagrams across a network.
Knowing how a datagram must be assembled and how it is moved through the networks
helps you understand how the higher-level layers work with IP. For almost all protocols in
the TCP/IP family, IP is the essential element that packages data and ensures that it is sent
to its destination.
Although the IP version 4 was robust at the time of its publication in 1981, it did not
anticipate several Internet advances. These advances are taken in consideration by IP
version 6 which made many improvements on internet protocol to accommodate the
development of the Internet. IP version 6 was referred to as IP the Next Generation (IPng).
Other protocols are necessary to handle error reporting, Multicasting and group
managements. ICMP is an error-reporting system. It is an integral part of IP and must be
included in every IP implementation. This provides for consistent, understandable error
messages and signals across the different versions of IP and different operating systems.
Group membership on a single network is communicated between systems by the
IGMP protocol. Multicast routers propagate group membership information using
multicast routing protocols a standard IP router may support multicast routing, or multicast
routing may be handled by a router dedicated to that purpose.
There are a lot of experimental applications on the Internet that take advantage of
multicasting include audio and video conferencing applications, resource discovery tools,
and shared whiteboards.
The Address Resolution Protocol (ARP) is designed to convert IP addresses to
MAC addresses, while the Reveres Address Resolution Protocol (RARP) works in the
opposite direction. Suppose that a user wants to transmit a packet to its destination.
This chapter describes how wide area networks can use the Internet Protocol. We
will discuss in detail the two most important variations of the Internet protocol—version 4
(IPv4) and version 6 (IPv6). We shall cover the functions and describe the structure of an
IP packet and the basic IP processing including input, forwarding, and output. Option
processing and fragmentation and reassembly will be discussed. The construction of the IP
header is important to many TCP/IP family protocol members, so you can use this
knowledge in later chapters.
32 COMPUTER NETWORKS AND

This chapter will also cover the basics of ICMP, IGMP, ARP, and RARP protocols,
their fundamental operations and functions, their characteristics, and how their data units
are built and transferred.

10.2 Learning Outcome

After this chapter, you should be able to:
1. Be familiar with the TCP/IP suite protocols.
2. Understand the necessity of using the Internet Protocol
3. Provide an overview of IPv4.
4. Provide an overview of IPv6.
5. Distinguish between IPv4 and IPv6 operations and capabilities.
6. Understand the basics of Internet Control Management Protocol (ICMP).
7. Understand the basics of Internet Group Management Protocol (IGMP).
8. Understand the importance and the basics of logical to physical address translation
and vice versa.

10.3 TCP/IP Suite Protocol

Transmission Control Protocol/Internet Protocol (TCP/IP) is one of today’s most
widely used networking protocols. A TCP/IP network is generally a heterogeneous
network, this means that there are many different types of network computing devices
attached.
The Internet Protocol (IP) had its roots in early military networks of the 1970s, but
it's been within the past decade that IP has made its unstoppable conquest of the
world's networks. Today, IP has established itself as the primary vehicle for our global
system of electronic commerce, enabling a vast array of client/server and peer-to-peer
computing applications. TCP/IP allowed for open communications to exist, LAN to LAN
and LAN to WAN connectivity between multiple operating environments.
The TCP/IP became the main protocol in communication for many reasons such as:
1. The capability of the protocol to allow dissimilar systems to communicate through the
network.
2. TCP could be layered on top of any datagram protocol, even the ones that are part
of other protocol suites.
3. The protocol is an "open" protocol and anyone who wishes to implement it may do so
freely.
4. Perhaps no other protocol designed to work above the Data Link and Physical OSI
layers is as popular as TCP/IP. That's primarily because this global protocol suite has
been used by and continually promulgated thousands of government and educational
institutions worldwide.
5. The TCP/IP protocol combination offers a "connection-oriented reliable byte stream",
sometimes called a "virtual circuit." TCP deals with datagram loss as well as potential
datagram reordering and duplication to provide a degree of"reliability."
6. TCP/IP protocol runs independently of the data link and physical layer. At these layers
the TCP/IP protocol can run on Ethernet, Token Ring, FDDI, serial line, X.25, etc. It
 IP 32

has been adapted to run over these protocols. TCP/IP was first used to interconnect
computer systems through synchronous lines and high-speed local area networks.
Today, it is used on any type of medium. This includes serial (asynchronous and
synchronous) and high-speed networks such as FDDI, Ethernet, and token Ring.
Let’s start with understanding the functions and protocols by studying their
placement in the OSI model. In looking at Figure10.1, we can see that there are
distinct protocols that run at each layer of the OSI model, starting from the network
layer to the application layer. The heart of the TCP/IP network protocol is at layers 3
and 4. The applications for this protocol (file transfer, mail, and terminal emulation)
run at the application layer.

Protocol suite is a collection of protocols that work together as a group. Examples of protocol suites inc

TCP/IP is actually a family of protocols working together to provide a path that

allows internet data communication. These protocols can be classified into three
categories:
S Network Layer protocols
S Transport Layer protocols
S Applications protocols
We will discuss the network layer protocols in the following section, while the other
protocols will be discussed in the other coming chapters.

Ethernet ToLcn Frumc ATM

Ring Rlay
Transport Layer

Figure 10.1: OSI and TCP/IP architectural Model

 32 COMPUTER NETWORKS AND

10.4 The Network layer Protocols

IP protocol is designed to transport data between any two arbitrary computers within
the Internet, i.e., through many LANs.
A number of routers can appear between the sender and the recipient. The data
is thereby transferred from one router to another. Each router resolves routing to the
next router (next hop) independently. A hop means the next router or destination
machine to which the data is being transferred.
The IP is a protocol enables the connection of individual networks into a worldwide
Internet. It consists of several individual protocols:
S The actual IP.
S Internet Control Message Protocol (ICMP) that serves specifically to signal
abnormal states.
Internet Group Management Protocol (IGMP) that serves for local
transportation of multicasts.
Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol
(RARP) that serve as a translator from IP addresses to MAC addresses and
vice versa. These protocols are often seen as independent protocols because
their packets are not encapsulated in IP datagrams.
Whereas in the link protocol, each network interface has its MAC address, which
for LANs consists of 6 bytes, in the IP protocol, each network interface has at least one IP
address, which for IP version 4 is 4 bytes and for IP version 6 is 16 bytes.
The basic element used to build a Wide Area Network (WAN) is a router with
which serves to transfer data packets between two network interfaces.

10.5 Internet Protocol (IP)

The ability to transfer data packets between the network interfaces of a router is
called forwarding. The basic question is " My are two protocols needed? My is one link
protocol not enough?" A link protocol only serves for transporting data within a LAN (i.e.,
for transporting to the nearest router, which unpacks the data from the link framework and
repacks the data into a different link frame).
IP transports data between two remote computers on a WAN, while the link
protocol only transports data frames to the next router. While each router throws away the
envelope in which the data is wrapped on a link layer and creates a new one, an IP
datagram (IP packet) is not changed by the router. The router must not change the IP
datagram content. The exception are the Time To Live (TTL) entry in the IP v4 datagram
header, hop limit entry in the IP v6 datagram header fragmentation, source routing, and so
on, which we will talk about later.
While for link protocols, the basic unit of transferred data is called a link frame, in
the IP the basic unit of transferred data is called an IP datagram.
Let’s look at the situation illustrated in Figure 10.2 in which a sender from the LAN
1 network sends an IP datagram to a recipient on the LAN 2 network.
 IP 32

IP Protocol
2“ DLL Protocol 3" DLL Protocol 4"' DLL Protocol

IP 1 MAC2 MAC 3 MAC 4 IP 2

MAC 1 MAC 5

Source
Destination

High-Level Data Link

High-Level Data Link

Ethernet

Figurc 10.2: Scndcr scnding IP datagram cncapsulatcd into data link laycr framc
The sender wants to send an IP datagram to the recipient with the IP address IP2. It
creates an IP datagram, but to insert it into a local network, the sender must insert it into a
data link frame which has the sender's MAC 4 address and the recipient’s MAC 5 address.
The data can only travel through the link protocol to router 1, which unpacks the IP
datagram from the Ethernet frame and looks at the recipient’s IP address. Depending on
the recipient’s IP address, it decides to which of its routers the IP datagram should be sent,
i.e., on which link protocol the IP datagram should be encapsulated based on its
routing table. In our example the routers have decided on the HDLC line. So the IP
datagram is encapsulated into an HDLC frames.
Our IP datagram is transported via the HDLC protocol through the routers to the
final router, which again unpacks the IP datagram from the HDLC envelope and, after
wrapping it in a data link layer envelope, inserts it into the destination LAN. The IP
datagram is again encapsulated into a data link layer frame which has the sender’s MAC 4
address and the recipient’s MAC 5 address.

M High-level Data Link Control (HDLC) is a standard synchronous communication protocol at the data

The main goal of IP is to provide interconnection of sub-networks to form an

internet in order to pass data. IP is the primary layer 3 protocol (network layer) in the
Internet suite. The IP protocol provides four main functions:
S Basic unit for data transfer
H Addressing
32 COMPUTER NETWORKS AND

S Routing.
S Fragmentation of datagrams.

10.5.1 IP v4 Data Unit

The primary goals for IP are to provide the basic algorithm for transfer of data to
and from a network. It provides a connectionless delivery service for the upper layer
protocols. IP submits a formatted data packet to the destination station and does not expect
a status responds. IP will add its control information, specific to the IP layer only, to
the data received by the upper layer (transport layer). Once this is accomplished, it will
inform the data-link layer that it has a message to send to the network. The unit of
information that IP transfers is known as datagram. The IP protocol does not care what
kind of data is in the packet. All it knows is that it must apply some control
information, called an IP header, to the data received from the upper layer protocol
and try to deliver it to some station on the network or internet. To understand the IP
functionality, a brief look at the control information it adds (the IP header) to the
packet as shown in Figure10.3.

Figure 10.3: The IP v4 data unit encapsulated in data link layer frame
The IP packet is composed of several fields as shown in Figure 10.2. Instead of
referring to the length of IP packets according to bits and bytes, the IP frame uses a length
measurement of 32 bits referring to that grouping as a word. Consequently, any diagrams
used to illustrate IP frame construction will divide the frame into 32-bit words.
S The first field is four bits in length and is called the version field. It contains the
version number of the IP software used to create the datagram so that any device
along the way that looks at the datagram will know what format it is in.
 IP 32

Decimal Keyword Version

0 Reserved
1-3 Unassigned
4 IP Internet Protocol
5 ST ST Datagram Mode
6 IPv6
7 TP/IX TP/IX: The Next Internet
8 PIP The P Internet Protocol
9 TUBA TCP and UDP over Bigger Addresses
10-14 Unassigned
15 Reserved
A 4-bits IP header length follows (HLEN) gives the total length of the datagram
header. The type of service field is 8-bits. It is divided into five distinct
sections. The total length field appearing next as a 16-bits field contains the total
length of the entire datagram in bytes. The IP datagram is virtually unlimited in
size. It can be as large as 65,535 bytes, a size that few applications can even
begin to approach. However, in the future, higher speed networks may suffer
from this limitation.
The next 16-bits field is the identification field containing a combination of an
integer and the Internet source address. Together these create a unique ID for the
datagram. This same information is used to keep the fragments of a datagram
together.
Once a datagram has been fragmented, the datagrams created from the original
have virtually the same header. The only difference lies in the next field, the flags
4-bits field. Only the last two of the three bits in this field control
fragmentation. The first of the two is called the "do not fragment" (DF) field. If
this bit is on, then a datagram does not get fragmented. The next bit is the
"more fragments" bit specifying whether or not the current fragment is the last
fragment.
The next eight bits comprise what is known as the "time to live" field. This field is
a safety preventative to keep data packets from swarming around an Internet
forever. Each datagram is given a lifetime length when first transmitted. This
value is in seconds and gets decremented whenever the packet reaches a routing
device. These devices must decrement the field by at least a value of one. Most
record the amount of time that a packet has been held by the device and then
decrement the field accordingly before transmitting the packet on out along a
pathway.
Next we have the protocol field that contains eight bits specifying what higher
layer functions are being used. These higher layer protocols might be TCP/IP
protocols or some other protocol type. Since the higher layer protocol is specified
by this field we may have several protocols active at the receiver and this data
would ensure the correct one used that packet.
The header checksum follows. This 16-bit field assures the integrity of the IP
header itself. Every time the datagram gets routed, the time to live field gets
decremented. Consequently the checksum must be recalculated at each hop. The
32 COMPUTER NETWORKS AND

source and destination fields are next. Each address is 32 bits in size and contains
a unique IP address. The next to last 32-bits field is a variable length field known
as the options field. It is used to allow additions to the header information such as
strict source route, loose source route, record route, time stamps, security, or
padding. Finally there is the data itself.

10.5.2 IP v6 Data Unit

IP version 4 did not anticipate several Internet advances including:
H The recent exponential growth of the Internet while the IP version 4 address space
is limited to maximum 2' 2 addresses.
S The need for simpler configuration
S The requirement for security at the IP level
S The need for better support for real-time delivery of data, also called quality
of service
IP version 6 has not only enlarged the IP address size from 4 to 16 bytes, but
also offers a revamped view of the IP datagram. The IP version 6 datagram consists of
a 40 byte-long Base header followed by various extensions.

Figure 10.4: The IP data unit encapsulated in data link layer frame
 IP 32

Version: The IP version field has the value 6 rather than the value 4 found in
IP version 4.
Priority: The priority field contains four bits describing the traffic class. This field
prioritizes which datagrams are less important and can be discarded when the
router is forced to discard certain IP datagrams.
Flow label: This field along with the source address identifies individual data
flows on the Internet. When datagrams reach the router, they are stored in the
queue. The router simply searches its cache. If it finds no matches, it solves the
routing task for that particular datagram as well. But the datagrams of the same
flow are automatically sent to the interface selected for the first one. In the result
the router dose not solve the same task for thousands of datagrams with the same
result.
Payload length: This field specifies the total length of the IP datagram excluding
the Base header. The maximum length of the datagram transferred might be
65,535 bytes. It is also possible, however, to use a larger datagram from the next
header of the router information that enables sending even larger datagrams
(jumbograms).
Next header: It specifies the next header type.
Hop limit: TTL field in IP v4 is replaced with the hop limit. The hop limit is
decreased every time the IP datagram passes through a router. When it reaches 0,
the datagram is considered lost and, subsequently, discarded.

& The hop is a logical distance between networks based on the number of routers that must be traversed by

10.5.3 IP v 6 Extension Header Types

One of the more interesting changes to IP with version 6 is the concept of
concatenated headers. This is accomplished using the next header field on the IPv6 header.
Extension headers form chains. The chain contains only those headers that are necessary.
The Next header field is followed by the header length field as it is shown in Figure 10.5.
This field specifies the shift that is necessary in order to reach the next header. The
Base header does not have a header length field since it is always 40 bytes long. The
length is not used with Base and fragment headers since these headers are with known
length (40 bytes for Base and 8bytes for fragment).
Next Hcadcr Header Length Client host B

Extension I leader Data

Figure 10.5: Extension header general structure

The types of extension headers are:
32 COMPUTER NETWORKS AND

Hop-by-Hop Extension Header Options: It is used to carry optional information

that must be examined by every node along a packet’s delivery path such as:
o inform the router what it is expected to do with the datagram if the option
is not recognized
O indicate whether the router is allowed to change the option or not
O indicate Jumbograms option, 4 bytes of the Jumbogram option provide for
a maximum length of up to 4 GB.
Destination Extension Header Options: This header is used to carry optional
information that needs be examined only by a packet’s destination node(s).
Routing Extension Header (Type 0) : The Routing header is used by an IPv6
source to list one or more intermediate nodes to be “visited” on the way to a
packet’s destination. The lower part of the header contains the IP addresses of
routers that the source wants to use for routing the datagram.
Fragment Extension Header: The Fragment header is used by an IPv6 source to
send packets larger than would fit in the path MTU to their destinations. Unlike IP
version 4 only the operating system source is capable of fragmenting IP datagrams
in IP version 6. Identification of the IP datagram is necessary for fragmenting so
that the destination user knows which fragment is part of the same datagram. In IP
version 6, the datagram identification is only contained in the next header;
therefore, it is not a part of each IP datagram.
Authentication Extension Header: It is used for ensuring data integrity and also
enables the source user to authenticate data in order to verify that they have been
sent. The datagram is protected against any potential modifications in the IP
datagram along its delivery path such as by a hacker.
Encapsulating Security Payload Extension Header: This header enables
encryption of the transferred data. It must be the final Next header in the IP
datagram if the subsequent data is encrypted, otherwise following headers will be
unavailable for processing by the routers transmitting the IP datagram.
From end-to-end communication, these fields should be ignored by all stations that
may receive them. These fields are generally built and consumed by the source and
destination stations only. The exception is the hop-by-hop options field, which may be
reviewed by routers in the path to the destination.

M IPv6 and IPv4 nodes can peacefully coexist on a network using tunneling. This is a technology for sending
 IP 32

10.5.4 Fragmentation of Datagrams

In addition to internetwork routing, IP provides error reporting and fragmentation
and reassembly of datagrams for transmission over networks with different maximum data
unit sizes.
If a router receives an IP packet that is too large for the network to which the packet
is being forwarded, IP fragments the original packet into smaller packets that fit on the
downstream network. When the packets arrive at their final destination, IP on the
destination host reassembles the fragments into the original payload. This process is
referred to as fragmentation and reassembly.
Fragmentation can occur in environments that have a mix of networking
technologies, such as Ethernet or Token Ring.
The fragmentation and reassembly work as follows:
S When an IP packet is sent by the source, it places a unique value in the
Identification field.
The IP packet is received at the router. The IP router notes that the size
of data unit of the network onto which the packet is to be forwarded is
smaller than the size of the IP packet.
IP divides the original IP payload into fragments that fit on the next network. Each
fragment is sent with its own IP header that contains:
o The original Identification field identifying all fragments that belong
together.
O The More Fragments Flag indicating that other fragments follow. The
More Fragments Flag is not set on the last fragment, because no other
fragments follow it.
O The Fragment Offset field indicating the position of the fragment relative to
the original IP payload.
When the fragments are received by IP at the remote host, they are identified by the
Identification field as belonging together. The Fragment Offset field is then used to
reassemble the fragments into the original IP payload.

10.5.5 Mobile IP
Today’s computers are smaller and more mobile than they used to be. They can now
be easily carried around and be used anywhere. A lot of people generally want to read their
e-mail and access their normal file systems wherever in the world they may be using their
portable computers. A user may now disconnect his computer in the office and reconnect
from another site within the same office or elsewhere.
In wireless connectivity the point of attachment may change even while the user is
connected since the user may travel between Base stations of a wireless LAN or a mobile
phone system.
33 COMPUTER NETWORKS AND

Mobile IP allows a node to change its point of attachment to the Internet without
needing to change its IP address. This is not simply a configuration simplification, but can
facilitate continuous application-level connectivity as the node moves from point to point.
In most mobile IP cases, TCP cannot be used, as the congestion-control scheme
would greatly reduce the throughput and the inherent delays and error bursts may result in
a large number of retransmissions. Mobile IP faces many challenges such like mobility,
registration, interoperability, connection reliability and security. We will cover the mobile
IP issues in chapter 12.

& A mobile node must be able to communicate with other nodes after changing its link-layer point of attachm

10.6 Internet Control Message Protocol

ICMP is a service protocol that is part of IP. It is used to signal abnormal events in
networks built on the IP protocol. ICMP packets are wrapped into an IP datagram.
This protocol offers flow control and error-detection to the unreliable delivery
method of IP. It provides a facility for routers and gateways on the net to communicate
with a source if there is a problem. It also provides a mechanism for determining if a
destination can not be reached.
Since IP is a connectionless, unreliable delivery service, allowing routers and
hosts on an internet to operate independently, there are certain instances when errors will
occur on the internet. Some of these errors could be: a packet is not routed to the
destination network, the router is too congested to handle any more packets, or a host may
not be found on the internet. There is no provision in IP to generate error messages or
control messages. ICMP is the protocol that handles these instances for IP.
One of the most common uses for ICMP is the PING program. PING is an ICMP
message that tries to locate other station on the internet to see if they are active or to see if
a path is up. It can also be used to test intermediate networks along the way to the
destination.

M Ping stands for Packet Internet Groper, a TCP/IP utility that verifies the integrity of a network connection

10.6.1 ICMP Data Unit

Figure 10.6 shows the packet format for ICMP. An ICMP packet header is always 8-
bytes long. The first four bytes always have the same meaning, and the contents of the
remaining four depend on the ICMP packet type.
 IP 33

0 1 2 31

Figure 10.6: ICMP v4 Packet format and how it is encapsulated in the MAC frame

& ICMP is a TCP/IP network layer protocol used by routers and TCP/IP hosts for building and mainta

The first four bytes of the header always contain the message type, message
code, and a 16-bit checksum. The message format depends on the value of the type
field. The Message Type indicates which ICMP message is present, and the
Message Code qualifies this for meaning specific to the type of message. Table
10.3 lists the ICMP message types.

Type Message Description

0 Echo Reply Sent in direct response to an ICMP Echo
Request message.
3 Destination An error message sent when a node cannot
Unreachable forward any IP datagram toward its
destination.
4 Source Quench Sent by a destination node to slow down
the rate at which a source node sends IP
datagrams.
5 Redirect Used to tell a source node that there is a
better first hop for it to use when trying to
send IP datagrams to a given destination.
8 Echo Sent by a node to probe the network for
reachability to a particular destination.
9 Router Used by a router to tell hosts in its network
Advertisement that it exists and is ready for service.
10 Router Used by a host to discover which routers
Solicitation are available for use.
33 COMPUTER NETWORKS AND

11 Time ExceededAn error message generated by a router

when it cannot forward an IP datagram
because the TTL has expired.
12 Parameter An error sent by any node that discovers
Problem a problem with an IP datagram it
has
received.
13 Timestamp Used to probe the network for the
Request transmission and processing latency of
messages to a given destination.
14 Timestamp Used in direct response to a Timestamp
Reply Request message.
15 Information Used by a host to discover the subnet to
Request which it is attached.
16 Information Used in direct response to an Information
Reply Request message.
17 Address Mask Used by a host to discover the subnet mask
Request for the network to which it is attached.
18 Address Mask Used in direct response to an Address
Reply Mask Request message.
Table10.3: Summary of ICMP Message Types

10.6.2 ICMP Version 6 Protocol

IP v 6 uses an ICMP v 6 protocol. It offers different functionality than the previous
version of ICMP. For example, while the IP v4 protocol uses ARP and RARP to translate
IP addresses into link addresses and vice versa, ICMP v 6 deals with the translation of IP
addresses into link addresses.
With regard to packet structure, the ICMP packet has a higher-layer protocol; thus,
the Base header of the IP protocol as well as Next headers, if necessary.
The ICMP type field contains the message type (approximate classification of the
message) and the ICMP code field specifies the detailed classification of the message.
ICMP message types are divided in two intervals:
o The 0 to 127 interval for error messages
o The 128 to 255 interval for informational messages
The function of the ICMP messages shown in Table 10.4 within the 0-129 interval
is similar to the ICMP messages in the IP version 4 protocol. Therefore, it is worth taking
a look at the remaining message types.
Description
1 Destination unreachable
0 No route to destination
1 Communication with destination administratively
prohibited
 IP 33

3 Address unreachable
4 Port unreachable
2 0 Packet too big
3 Time exceeded
0 Hop limit exceeded in transit
1 Fragment reassembly time exceeded
4 Parameter Problem
0 Erroneous header field encountered
1 Unrecognized Next header
2 Unrecognized IP version 6 option encountered
128 0 Echo request
129 0 Echo reply
133 0 Router solicitation
134 0 Router advertisement
135 0 Neighbor solicitation
136 0 Neighbor advertisement
137 0 Redirect message
Table 10.4: The function of the ICMP v6 messages
All control messages that were not used such as timestamp, timestamp reply, source
quench, information request and reply are moved and most of there functions are
incorporated into other protocols.
The format of the ICMPv6 header is the same format as ICMPv4. The type field
indicates the type of the message. Its value determines the format of the remaining data.
Error messages are identified as such by 0 a 0 in the high-order bit of their message Type
field values. Thus, error messages have message Types from 0 to 127; informational
messages have message Types from 128 to 255. The code field depends on the message
type and further identifies the ICMP message.
ICMPv6 is not backwards compatible with ICMPv4. It uses the next-header
function of IP and the next-header type of 56.

ICMP redirects can modify a router’s routing table, so sometimes hackers try to subvert routers by issui

10.7 Internet Group Management Protocol (IGMP)

IGMP is a TCP/IP network layer protocol used to exchange information on the
status of membership in multicast groups between routers on the network. In other words,
once a router becomes aware that there are hosts on a locally attached network that are
members of a particular multicast group, it advertises this information to other routers on
the internetwork so that multicast messages are forwarded to the appropriate routers.
33 COMPUTER NETWORKS AND

Internet Group Management Protocol solves many problems associated with

multicast addressing including:
S Starting and terminating groups.
S Choosing the group address.
S Adding new sender or receiver hosts to the group.
S Controlling how anyone join a group and send to, or receive from, that group.
S Controlling the group membership restriction and defining the responsibility for
this.
Do group members know the identities of the other group members as part of the
network layer protocol?
The manner the network routers interoperate with each other to deliver a multicast
datagram to all group members.
As a result the simple host membership reporting protocol (IGMP) is the basic
building block for multicasting. But what does multicasting and multicast group mean?

10.7.1 Multicasting and Multicast Group

Multicasting is a way to send a message to multiple recipients. Multicasting imposes
less overhead in comparison with broadcasting on hosts that are not participating in the
communication, so in many applications it is preferred to be used.
A number of emerging network applications requires the delivery of packets from
one or more senders to a group of receivers. These applications include bulk data transfer,
streaming continuous media, shared data applications, data feeds, and interactive gaming.
For each of these applications, an extremely useful abstraction is the notion of a
multicast: the sending of a packet from one sender to multiple receivers with a single
"transmit" operation.
With multicast communication, we face two problems that are much more
complicated than in the case of unicast:
S How to identify the receivers of a multicast datagram?
S How to address a datagram sent to these receivers?
If datagram will carry the IP addresses of all of the multiple recipients, the amount
of addressing information in the datagram would swamp the amount of data actually
carried in the datagram's payload field and requires that the sender knows the identities
and addresses of all of the receivers.
Instead of carrying all addresses, a single "identifier” is used for the group of
receivers and a copy of the datagram that is addressed to the group using this single
"identifier" is delivered to all of the multicast receivers associated with that group. The
multicast address is the single "identifier” that represents a group of receivers. In this case
the multicast group is the group of receivers associated with this address. The multicast
group abstraction is illustrated in Figure 10.7. Here, all hosts, labeled as a members, are
associated with the multicast group address of MCG address and will receive all
datagrams addressed to that multicast address. The difficulty that we must still address is
 IP 33

the fact that each host has a unique IP unicast address that is completely independent
of the address of the multicast group in which it is participating.
An IP multicast group, also known as a host group, is a set of hosts with an
assigned multicast IP address. Members of the group still retain their own IP addresses,
but also have the ability to absorb data that has been sent to the multicast address. Any
system may belong to zero or more multicast groups. IP multicast traffic is sent to a single
MAC address but processed by multiple IP hosts. A specific host listens on a specific
IP multicast address and receives all packets to that IP address. The following are some of
the additional aspects of IP multicasting:
H Host group membership is dynamic; hosts can join and leave the group at any
time.
A host group can be of any size.
Members of a host group can span IP routers across multiple networks. This
situation requires IP multicast support on the IP routers and the ability for hosts to
register their group membership with local routers. Host registration is
accomplished using IGMP.
A host can send traffic to an IP multicast address without belonging to the
corresponding host group.
member member

IP 1 IP 2

member

IP 8

IP 3
IP 7
MCI
Address
member

IP 4

IP 6
member
IP 5
-->

Figure 10.7: Illustration of the multicast group

& Multicast is based on the concept of a group. An arbitrary group of receivers expresses an interest in
33 COMPUTER NETWORKS AND

10.7.2 IGMP Function

Like ICMP, IGMP is a service protocol for IP. IGMP packets are wrapped into IP
datagrams as shown in Figure 10.8. It is used for forwarding multicasts. Hosts use the
IGMP to report their group memberships to neighboring routers that support multicast
routing. The report are sent to the IP multicast address that belongs to the group that
the host is joining.

0 19 20 27

Figure 10.5: Encapsulation of an IGMP message within an IP datagram.

To assure that their membership information is complete, the IGMP enables
routers to poll hosts periodically, asking for reports of their current membership. The polls
are sent to the all-hosts multicast IP address.
For a host to receive IP multicasts, an application must inform IP that it will receive
multicasts at a specified IP multicast address. If the network technology supports
hardware-based multicasting, the network interface is told to pass up packets for a specific
IP multicast address. In the case of Ethernet, the network adapter is programmed to
respond to a multicast MAC address corresponding the specified IP multicast address.

MMembership in a multicast group on a given interface is dynamic-it changes over time as processes join a

Implied here is that a host identifies a group by the group address and the interface.
A host must keep a table of all the groups that at least one process belongs to, and a
reference count of the number of processes belonging to the group.
The Internet Group Management Protocol (IGMP) provides a dynamic service to
registered individual hosts in a multicast group on a particular network. It is used for
TCP/IP between a receiver and its immediate multicast-enabled routers reporting multicast
group information. This protocol has several versions and is required on all machines that
receive IP multicast.

10.7.3 IGMP Message

When a host wants to join a group, the group's multicast address receives an IGMP
message stating the group membership. The local multicast router receives this message
and constructs all routes by propagating the group membership information to other
multicast routers throughout the network.
The IGMP packet format has several versions; Figure 10.9 shows three versions of
this protocol.
 IP 33

S Version: 8 bits Field indicate the message type, which may be one of the
following:
o 0x11: IP Membership query ("Are there any members on the LAN?")
o 0x12: IGMPv1 Membership Report
o 0x16: IGMPv2 Membership Report
o 0x17: IGMPv2 Leave Group
Hosts send IGMP membership reports corresponding to a particular multicast group,
expressing an interest in joining that group.
S Maximum Response Time (MRT): 8 bits field is used only in router requests and
specifies (in tenths of a second) the time that members of the group have to repeat
their requests for membership in the group. In all other cases, the MTR field has a
value of 0.
S Checksum: 16 bits field is calculated to control the errors that may have occurred
in the header.
S IP group address: field is zero for a general request, and in all other cases,
specifies the particular IP address of a multicast.
16 31

VersionPriority Unused Checksum

Group addresses

Version M ax iinuin response time Checksum

Group addresses

Vcrsion Checksum
Group IP addresses

(D)

Figurc 10.9: IGMP Data Unit, Vcrsion I (A), Vcrsion 2 (B), Vcrsion 3 (C), and thc othcr
common part included in all version's data unit
IGMP version 3 supports two modes:
o Include mode: In this mode a receiver announces the membership to a
host group and provides a list of source addresses from which it wants
to receive traffic.
o Exclude mode: With this mode, a receiver expresses the membership to a
multicast group and provides a list of source addresses from which it does
not want to receive traffic.
With the leave group message, hosts can report to the local multicast router that they
intend to leave the group. If any remaining hosts are interested in receiving the traffic, the
33 COMPUTER NETWORKS AND

router transmits a group-specific query. In this case, if the router receives no response, the
router times out the group and stops forwarding the traffic.
Every IGMP data unit contains the flowing common fields:
S Resv: The Resv field is set to 0 and is reserved for future development.
S S flag: This is one bit field to suppress router-side processing.
S QRV: three bits field indicates the querier’s robustness variable.
S QQIC: 8 bits field indicates the querier's query interval code.
S N: 16 bits field shows the number of sources
S Source Address |i]: provides a vector of N individual IP addresses.

10.7.4 IGMP Reports and Queries

IGMP messages are used by multicast routers to keep track of group membership on
each of the router’s physically attached networks. The following rules apply.
1. A host sends an IGMP report when the first process joins a group. If multiple
processes on a given host join the same group, only one report is sent, the first time a
process joins that group. This report is sent out the same interface on which the
process joined the group.
2. A host does not send a report when processes leave a group, even when the last
process leaves a group. The host knows that there are no members in a given group, so
when it receives the next query (next step), it won't report the group.
3. A multicast router sends an IGMP query at regular intervals to see if any hosts still
have processes belonging to any groups. The router must send one query out each
interface. The group address in the query is 0 since the router expects one response
from a host for every group that contains one or more members on that host.
4. A host responds to an IGMP query by sending one IGMP report for each group
that still contains at least one process.
Using these queries and reports, a multicast router keeps a table of which of its
interfaces have one or more hosts in a multicast group.

H Due to the dynamic nature of the IPv6 and its Neighbor Discovery protocols (routers and hosts), IGMP fun

10.8 Address Resolution Protocol

Address resolution provides a mapping between the two different forms of
addresses: 32-bit IP addresses and whatever type of address the data link uses.
ARP provides a dynamic mapping from an IP address to the corresponding
hardware address. We use the term dynamic since it happens automatically and is normally
not a concern of either the application user or the system administrator.
 IP 33

Address Resolution Protocol (ARP) functions as a translator between IP addresses

and Physical addresses. Every Internet host and router on a LAN has an ARP module. To
motivate ARP, consider the network shown in Figure 10.10. In this figure each node has
an IP address and each node’s adapter has a Physical address (MAC address). Now
suppose that the node A with IP address (IP a) wants to send an IP datagram to node C
with IP address (IP c). To accomplish this task, the sending node must give its adapter not
only the IP datagram but also the Physical address for node c (MAC c).

W ARP is plug-and-play, that is, a node’s ARP table gets built automatically, and it doesn’t have to be

MAC a

IP b f

MAC b
MAC c LANl
c MAC d
IP c
IP d
Figure 10.10: Each node on a LAN has an IP address, and each node’s adapter has a
Physical address.
When passed the IP datagram and the Physical address, the sending node’s adapter
can construct a data link layer frame and broadcast the frame into the LAN. The ARP
module in each node has a table in its RAM called an ARP table. This table contains
the mappings of IP addresses to Physical addresses.
Sending node needs to obtain the Physical address of the destination node, given the
IP address of that node. This task is easy if the destination node has an entry in the sending
node’s ARP table.
IP address Physical address TTL
IP b MAC b 13:45:00
IP c MAC c 13:52:00
Table 10.5: A possible ARP table in node A

U Each host has exactly one IP address and one adapter, while each router has an IP address for each of
 IP 34

MThe query ARP message is sent within a broadcast frame whereas the response ARP message is sen

10.8.1 ARP Packet Format

The ARP packet format is shown in Figure 10.11. ARP packets are wrapped directly
into the MAC frame, i.e., they are not preceded by an IP header. The ARP protocol is
in fact independent of the IP protocol. That is why even other protocols that have nothing
in common with the TCP/IP protocol family can use it.

Figure I 0.1 I: ARP packet format

Hardware type: This field specifies the link protocol used on the LAN.
Protocol type: specifies the network’s protocol type.
Hardware address of the sender: field sets the length of a link address and the
sender. By default, HS=6.
Protocol address of the sender: field sets the length of a network address. By
default PS=4.
Operation code field: specifies which operation is running. The ARP request has
a value of 1 and the ARP reply has a value of 2. This field is also defined for
the reverse translation (RARP protocol), where the RARP request uses a value of
3 and the RARP reply has a value of 4.
Hardware Address Length: Hardware address length is the length of each
hardware address in the datagram, given in bytes.
Protocol Address Length: Protocol address length is the length of the protocol
address in the datagram, given in bytes.
Recipient Hardware Address: The recipient hardware address is the hardware
address of the recipient device.
34 COMPUTER NETWORKS AND

S Recipient IP Address: The recipient IP address is the IP address of the recipient

device.

& Neighbor discovery (ND) is introduced; it uses ICMPv6 messages in order to determine link-layer addresse

10.9 Reverse Address Resolution Protocol (RARP)

This protocol can be used to obtain an IP address from the host’s hardware address,
when a network station knows its MAC address but does not know its IP address.
Obviously a RARP server is required for this technique to be used.
RARP is suited to diskless hosts on a small network and fails to provide a useful
service with larger networks due to its use of broadcasting to communicate with the server,
as routers do not forward these packets.
RARP uses the ARP packet format and does not involve IP; therefore, this packet
cannot be routed. This protocol has been in use for some time, but there are other protocols
that do a better job.

& There are other protocols for address assignment that do a better translation such as BOOTP and DHCP be

The packet format for a RARP packet is the same as for ARP. The only difference is
that the field that will be filled in will be the sender’s physical address. The IP address
fields will be empty. A RARP server will receive this packet, fill in the IP address fields,
and reply to the sender—the opposite of the ARP process.
RARP suffers from the same problems as static addressing. As a RARP server
maintains a data base relating hardware addresses to IP addresses, any change in the IP
addressing scheme requires a manual update of the data base. Thus, maintenance of a large
RARP data base can be expensive.

10.10 Quick Review

â• TCP/IP became the main suite protocol in communication. It is a family of protocols working together to pro
â• The main goal of IP is to provide interconnection of sub-networks to form an internet in order to pass data. It
 IP 34

IP is a best-effort datagram service that provides the delivery mechanism for all
other Internet protocols. The standard IP header is 20 bytes long, but may be
followed by up to 40 bytes of options. IP can split large datagrams into fragments
to be transmitted and reassembles the fragments at the final destination.
In addition to internetwork routing, IP provides error reporting and fragmentation
and reassembly of datagrams for transmission over networks with different
maximum data unit sizes.
IP version 6 has not only enlarged the IP address size from 4 to 16 bytes, but also
offers a revamped view of the IP datagram. One of the more interesting changes to
IP with version 6 is the concept of concatenated headers. Extension headers form
chains. The chain contains only those headers that are necessary. IPv6 and IPv4
nodes can peacefully coexist on a network using tunneling.
Today’s computers can now be easily carried around and used anywhere. In
wireless connectivity the point of attachment may change, Mobile IP allows a node
to change its point of attachment to the Internet without needing to change its
IP address.
ICMP is a service protocol that is part of IP. It is used to signal abnormal events in
networks built on the IP protocol. ICMP packets are wrapped into an IP datagram.
This protocol offers flow control and error-detection to the unreliable delivery
method of IP. One of the most common uses for ICMP is the PING program.
ICMPv6 is not backwards compatible with ICMPv4.
IP v 6 uses an ICMP v 6 protocol. It offers different functionality than the previous
version of ICMP. For example, ICMP v 6 deals with the translation of IP addresses
into link addresses.
Internet Group Management Protocol solves many problems associated with
multicast addressing
IGMP communicates IP multicast membership information between hosts and
routers on a single network. IGMP membership reports are generated when an
interface joins a group, and on demand when multicast routers issue an IGMP
report query message.
Multicast routers share the IGMP information they collect with each other to route
multicast datagrams toward remote members of the multicast destination group.
ARP provides the dynamic mapping between IP addresses and hardware addresses.
It functions as a translator between IP addresses and Physical addresses.
RARP can be used to obtain an IP address from the host’s hardware address, when
a network station knows its MAC address but does not know its IP address. It
is suited to diskless hosts on a small network.

10.11 Self Test Questions

A- Answer the following questions
1. Why has TCP/IP become the main protocol in communication?
2. What does forwarding mean?
3. What are the main goal and the main functions of IP?
34 COMPUTER NETWORKS AND

4. Explain the structure of IP v4 data unit.

5. Explain the structure of IP v6 data unit.
6. Why is fragmentation process some times necessary?
7. What is the importance of TTL field?
8. What are the differences between IP v4 and IP v6 data units?
9. What is the role of Next header field?
10. What are the types of extension headers?
11. What are the most common uses of ICMP?
12. Explain how ICMP data unit can be encapsulated in the MAC frame.
13. How does the ICMP used by IP v4 differ from ICMP used by IP v6?
14. What is the IP multicast group?
15. List some problems that can be solved by IGMP.
16. How does the IGMP used by IP v4 differ from IGMP used by IP v6?
17. What is the purpose of using the ARP?
18. How does ARP work?
19. Explain the ARP packet format.
20. Where is RARP applicable?
B- Identify the choice that best completes the statement or answers the
question.
1. of the IP header elements is never modified during the IP
fragmentation process.
a. The Identification field
b. The More Fragments bit
c. The Fragment Offset field
d. The TimeTo Live field
2. A IP address identify
a. A network
b. A computer
c. A network interface adapter
d. A network and a network interface adapter
3. makes the trace route utility possible.
a. Version c. Type of Service
b. Identification d. Time to Live
4. is responsible for responding to a ping request.
a. ICMP c. TCP
b. ARP d. UDP
resolves IP addresses to MAC addresses.
a. DNS c. ARP
b. NetBIOS d. TCP
6. is the process when a Network layer protocol subdivides the segments
it receives from the Transport layer into smaller packets.
a. segmentation c. sequencing
b. fragmentation d. reassembly
7. Which of the following is TRUE statment about TCP/IP?
a. TCP/IP comprises several subprotocols
 IP 34

b. TCP/IP comprises only one protocol

c. TCP/IP has been replaced by ARP
d. TCP/IP has been replaced by IPX/SPX
8. TCP/IP has grown extremely popular because of
a. It is expensive
b. It cannot be routable
c. Its private nature made its programming code secure
d. Its open nature
9. Internet Protocol (IP) belongs to layer of the OSI Model.
a. Network c. Transport
b. Data Link d. Application
10. allows TCP/IP to internetwork.
a. TCP c. IP
b. UDP d. ARP
11. A packet is also known as in the context of TCP/IP.
a. TCP/IP flow c. IP packet stream
b. IP segment d. IP datagram
12. What can be said about IP? (Choose 2)
a. IP is a reliable protocol
b. IP is an unreliable protocol
c. IP is a connection-oriented protocol
d. IP is a connectionless protocol
13. What can be said about IP?
a. IP is a reliable protocol
b. IP operates a the Data Link layer of the OSI Model
c. IP contains a header checksum field
d. IP checksum also verifies the integrity of the message
14. field of the IP datagram identifies the number of 4-byte (or 32-bit) blocks in the
IP header.
a. Flags c. Total length
b. Internet Header Length b. Version
15. field of the IP datagram informs routers what level of precedence they
should apply when processing the incoming packet.
a. Differentiated Services c. Total Length
b. Options d. Flags
16. field of the IP datagram identifies the message to which a datagram
belongs and enables the receiving node to reassemble fragmented messages.
a. Fragment Offset c. Identification
b. Internet Header Length d. Flags
17. field of the IP datagram indicates the maximum time that a datagram can
remain on the network before it is discarded.
a. Flags c. Total Length
b. TTL d. Options
18. What is the network layer protocol that reports on the success or failure of data
delivery?
a. IP c. TCP
34 COMPUTER NETWORKS AND

b. ARP d. ICMP
19. Which oh the following is TRUE statment about ICMP?
a. ICMP can correct detected errors
b. ICMP identifies and corrects network errors
c. ICMP cannot correct detected errors
d. ICMP can correct but cannot identify network errors
20. What is the network layer protocol that obtains the MAC (physical) address of a host,
or node, then creates a data base that maps the MAC address to the host’s IP (logical)
address?
a. ARP c. UDP
b. IP d. DNS
21. Which of the following is TRUE statment about ARP?
a. ARP creates an ARP table for efficiency
c. ARP creates an ARP table for security
b. ARP does not create a MAC-to-IP table
d. ARP table and ARP cache are two completely different things
22. type(s) of entries an ARP table can contain.
a. 1 c. 2
b. 3 d. 4
23. What are the ARP table entries that are created when a client makes an ARP
request that cannot be satisfied by data already in the ARP table?
a. Fixed entries c. Static entries
b. New entries d. Dynamic entries
24. is the name of the protocol that allows a client to send a broadcast message with
its MAC address and receive an IP address in reply.
a. ARP c. RARP
b. DNS d. RDNS
25. kind(s) of addresses a network can recognize.
a. 2 c. 3
b. 4 d. 5
26. is the core protocol responsible for logical addressing for TCP/IP.
a. MAC c. TCP
b. ARP d. IP
27. are a PDU used at the network layer.
a. Packets c. Bits
b. Frames d. Segments
28. is a Network layer protocol used to resolve a logical (IP) address to a physical
(MAC) address.
a. ICMP c. DHCP
b. ARP d. NAT
29. How many different fields does the IP header have?
a. 5 c. 14
b. 10 d. 28
30. In the Internet Protocol, the Destination IP Address field is examined by a
a. bridge. c. switch.
b. router. d. server.
 IP 34

31. What is the layer in the TCP/IP model that handles software, or logical, addressing?
a. Internetwork c. Transport
b. Application d. Network Interface
32. What is the protocol that resolves IP addresses to MAC addresses for source hosts that
knows the IP addresses of the destination host but not the MAC address?
a. ICMP c. RARP
b. ARP d. CARP
33. How many different groups of IP addresses exist on the Internet?
a. Three c. Five
b. Four d. Six
34. What is the name of tables of the MAC and IP addresses of other devices on the
network that many network devices maintain?
a. reference c. ARP
b. destination d. APR
35. The device that discovers its own IP address in the IP header of the ARP request
packet reads the rest of the packet and returns an ARP
a. confirm c. answer
b. ACK d. reply
36. can route between autonomous systems.
a. IGRP c. BGP
b. RIP d. IGP