Chapter4-IPv4

The document provides an overview of the IPv4 header, detailing its various fields such as Version, Differentiated Services, Time-to-Live, and others. It also discusses fragmentation, interfaces, special addresses, and the Classless IP Delivery Algorithm, including subnetting and Variable Length Subnet Masking (VLSM). This material serves as a foundational resource for understanding basic computer networking concepts.
UNIVERSITY OF SCIENCE, VNU-HCM
FACULTY OF ELECTRONICS AND TELECOMMUNICATIONS
DEPARTMENT OF TELECOMMUNICATIONS AND NETWORKS

COURSE: BASIC COMPUTER NETWORK
Chapter 04: IP VERSION 4

Editor: Nguyen Viet Ha, Ph.D.
Lecturer: Nguyen Minh Tri, Ph.D. Email: [email protected]

Reference:
Peter L Dordal
Cisco Academy, CCNAv7: Introduction to Networks [Online], available at: www.netacad.com

1. The IPv4 Header


Version: Contains a 4-bit binary value identifying the IP packet version. For IPv4 packets, this field is always set to 0100.

Differentiated Services (DS) (Type of Service - ToS) field: 8-bit field used to determine the priority of each packet. The first 6 bits identify the Differentiated Services Code Point (DSCP) value that is used by a quality of service (QoS) mechanism. The last 2 bits identify the Explicit Congestion Notification (ECN) value that can be used to prevent dropped packets during times of network congestion.

Internet Header Length (IHL) - Contains a 4-bit binary value identifying the number of 32-bit words in the header. The IHL value varies due to the Options and Padding fields. Minimum: 5. Maximum: 15.

Total Length (Packet Length) - This 16-bit field defines the entire packet (fragment) size, including header and data, in bytes. Minimum: 20. Maximum: 65,535 bytes.

Time-to-Live (TTL): Contains an 8-bit binary value that is used to limit the lifetime of a packet (referred to as hop count). Decreased by one each time the packet is processed by a router, or hop. If the TTL field decrements to 0, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address.

Protocol: This 8-bit binary value indicates the data payload type (upper-layer). Values include ICMP (0x01), TCP (0x06), and UDP (0x11).

Header Checksum - The 16-bit field is used for error checking of the IP header. If the values do not match, the packet is discarded.

Source IP Address - Contains a 32-bit binary value that represents the source IP address of the packet.

Destination IP Address - Contains a 32-bit binary value that represents the destination IP address of the packet.

A router may have to fragment a packet when forwarding it from one medium to another medium that has a smaller MTU.

Identification - This 16-bit field uniquely identifies the fragment of an original IP packet.

Flags - This 3-bit field identifies how the packet is fragmented. It is used with the Fragment Offset and Identification fields to help reconstruct the fragment into the original packet.
DF: Don't Fragment flag, MF: More Fragments flag

Fragment Offset - This 13-bit field identifies the order in which to place the packet fragment in the reconstruction of the original unfragmented packet.

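The header fields listed above, decoded from raw bytes with the consistency checks a receiver applies (Version, IHL, Total Length, Header Checksum). This is an added example, not part of the original slides; the sample header, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

HEADER_FMT = "!BBHHHBBH4s4s"  # the 20-byte fixed part of the IPv4 header

def checksum(header: bytes) -> int:
    """16-bit one's-complement checksum over the header bytes."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, ds, total_len, ident, flags_off,
     ttl, proto, _csum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("Version is not 0100")
    header_len = ihl * 4                     # IHL counts 32-bit words
    if ihl < 5 or len(packet) < header_len or total_len < header_len:
        raise ValueError("inconsistent IHL / Total Length")
    return {
        "ihl": ihl, "dscp": ds >> 2, "ecn": ds & 0x03,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_off & 0x4000), "mf": bool(flags_off & 0x2000),
        "fragment_offset": flags_off & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # a valid header, checksum field included, sums to zero
        "checksum_ok": checksum(packet[:header_len]) == 0,
    }

def build_sample() -> bytes:
    """Constructed header: 192.168.1.10 -> 192.168.4.1, UDP, TTL 64, DF set."""
    fields = [0x45, 0xB8, 20, 0x1C46, 0x4000, 64, 0x11, 0,
              ipaddress.IPv4Address("192.168.1.10").packed,
              ipaddress.IPv4Address("192.168.4.1").packed]
    fields[7] = checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields)

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```
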
2. Fragmentation

Fragmentation (vs. reassembly)
MTU is smaller than the packet that needs forwarding.

Suppose A addresses a packet of 1500 bytes to B, and sends it via the LAN to the first router R1. The packet contains 20 bytes of IPv4 header and 1480 of data.

[Figure: the 1st to 5th fragments and their FragOffset values on the links A-R1, R1-R2, R2-R3 and R3-B. Labels: "For different packets"; FragOffset "Marks the start position of the data portion of each fragment".]

Flag (3 bits)
o reserved: Must be 0.
o Don't Fragment (DF): Must not fragment the packet and must drop it instead.
o More Fragment (MF): Set to 1 for all fragments except the final one. Tells the receiver where the fragments stop.

The fragments may not arrive in order.
The reassembler must identify when different arriving packets are fragments of the same original, and must figure out how to reassemble the fragments in the correct order.

Reassembly timer
If a fragment arrives, a buffer is allocated.
o Because of the field, the fragment can then be stored in the buffer in the appropriate position.
Reassembly timer is started.
When all fragments have arrived, the packet is sent on up as a completed IPv4 packet.
On the other hand, if the reassembly timer expires, all the pieces received so far are discarded.

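Fragmentation and reassembly as described above, for the 1480 data bytes of the packet from A to B. This is an added example, not part of the original slides; the link MTU of 500 bytes, the 30-second reassembly timeout, the buffer key and all names are assumptions made for illustration.

```python
def fragment(ident, data, mtu, header_len=20):
    """Split the data of one packet so each fragment fits the link MTU."""
    # All fragments but the last carry a multiple of 8 data bytes,
    # because Fragment Offset counts in 8-byte units.
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    return [{"id": ident, "offset": start // 8,
             "mf": start + chunk < len(data),     # 0 only on the final one
             "data": data[start:start + chunk]}
            for start in range(0, len(data), chunk)]

class Reassembler:
    def __init__(self, timeout=30.0):          # timeout value is an assumption
        self.timeout = timeout
        self.buffers = {}                      # key -> reassembly buffer

    def add(self, key, frag, now):
        """Store one fragment; return the whole payload once complete."""
        self.expire(now)
        buf = self.buffers.setdefault(
            key, {"started": now, "parts": {}, "total": None})
        start = frag["offset"] * 8
        buf["parts"][start] = frag["data"]
        if not frag["mf"]:                     # final fragment fixes the length
            buf["total"] = start + len(frag["data"])
        pos = 0
        for off in sorted(buf["parts"]):
            if off != pos:                     # hole or overlap: keep waiting
                return None
            pos += len(buf["parts"][off])
        if pos != buf["total"]:
            return None
        del self.buffers[key]
        return b"".join(buf["parts"][o] for o in sorted(buf["parts"]))

    def expire(self, now):
        """Discard every buffer whose reassembly timer has run out."""
        for key in [k for k, b in self.buffers.items()
                    if now - b["started"] > self.timeout]:
            del self.buffers[key]

# Constructed input: 1480 data bytes, keyed by (source, destination, Identification).
DATA = bytes(i % 251 for i in range(1480))
KEY = ("A", "B", 1)

def demo_out_of_order():
    """Deliver the four fragments in the order 3rd, 1st, 4th, 2nd."""
    frags = fragment(1, DATA, mtu=500)
    r = Reassembler()
    return [r.add(KEY, frags[i], now=float(n)) for n, i in enumerate([2, 0, 3, 1])]
```
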
3. Interfaces
IP addresses are assigned not to hosts or nodes, but to interfaces.
E.g., LAN interface in PC.

Loopback interface
Providing a way to deliver IP packets to other processes on the same machine.
o IPv4 loopback address: 127.0.0.1
o IPv6 loopback address: ::1
Client/server testing.
Check the processes in current host.

Virtual interface
VPN connections.
Virtual machine

Multihomed hosts
A non-router host with multiple non-loopback network interfaces is often said to be multihomed.
o Interfaces are used simultaneously, with different IP addresses assigned to each.
o E.g., Laptops have both an Ethernet interface and a Wi-Fi interface.

4. Special Addresses
Private addresses
IPv4 addresses intended only for site internal use.
If a packet shows up at any non-private router (e.g., at an ISP router), with a private IPv4 address as either source or destination address, the packet should be dropped.
o 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
o 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
o 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

Broadcast addresses
Used in conjunction with LAN-layer broadcast.
o Sending a packet from one host to all hosts in the network.

Multicast addresses
Delivering to a specified set of addresses.
o Video and audio broadcasts
o Routing information exchange by routing protocols
o Distribution of software
o Remote gaming
The address with first byte beginning 1110.
o 224.0.0.0 to 239.255.255.255.
Link local - 224.0.0.0 to 224.0.0.255 (E.g., routing information exchanged by routing protocols)
Globally scoped addresses - 224.0.1.0 to 238.255.255.255 (E.g., 224.0.1.1 has been reserved for Network Time Protocol)

Link Local Addresses:
A network address that is valid only for communications within the network segment or the broadcast domain that the host is connected to.
Address Range: 169.254.0.0 to 169.254.255.255
Can be automatically assigned by the operating system where no IP configuration is available.
Only used when no external, stateful mechanism of address configuration exists, such as the Dynamic Host Configuration Protocol (DHCP), or when another primary configuration method has failed.

Public Addresses:
These addresses are designed to be used in the hosts that are publicly accessible from the Internet.

5. The Classless IP Delivery Algorithm

Binary Game:
https://learningnetwork.cisco.com/s/binary-game

Classful (discontinuation)
Fixed the network portion and host portion

Class  High Order Bits  First Octet Range  Number of Network Bits  Number of Host Bits  Number of Networks  Number of Hosts per Network
A      0                0-127              8                       24                   128                 16,777,216
B      10               128-191            16                      16                   16,384              65,536
C      110              192-223            24                      8                    2,097,152           256
D      1110             224-239            Used for Multicasting to multiple hosts.
E      1111             240-255            Reserved for research and development.

Classless
Dynamic network portion and host portion
o Have to use Subnet Mask

[Figure: 192.168.10.0/24, prefix length = 24]

IP Destination
Local
o The host delivers the packet to its final destination via the LAN connected to the corresponding interface.
Non-Local
o The host looks up the forwarding table and sends the packet to the associated next_hop.

The forwarding table may also contain a , which it may return in cases when the destination does not match any known network. (0.0.0.0/0)

6. IPv4 Subnets
Subnet
Idea: Allow a site to appear to the outside world as a single IP network, while further IP-layer routing is supported inside the site.

Hierarchical routing: first we route to the primary network, then inside that site we route to the subnet, and finally the last hop delivers to the host.

Borrowing Bits (of Host portion) to create Subnets

Network: 192.168.1.0/25
Mask: 255.255.255.128

Network: 192.168.1.128/25
Mask: 255.255.255.128

[Figures: Address Range of 192.168.1.0/25 subnet; Address Range of 192.168.1.128/25 subnet]

Need 4 Subnets?
Borrowing 2 bits to create 4 subnets. 2^2 = 4 subnets

7. VLSM (Variable Length Subnet Masking)

Traditional subnetting - same number of addresses is allocated for each subnet.
Subnets that require fewer addresses have unused (wasted) addresses. For example, WAN links only need 2 addresses.

Variable Length Subnet Mask (VLSM) or subnetting a subnet provides more efficient use of addresses.
VLSM enables a network number to be configured with different subnet masks on different interfaces.
Network is first subnetted, and then the subnets are subnetted again.
Process repeated as necessary to create subnets of various sizes.

10.0.0.0/8 Subnet using /16

Subnet         1st Host    Last Host       Broadcast
10.0.0.0/16    10.0.0.1    10.0.255.254    10.0.255.255
10.1.0.0/16    10.1.0.1    10.1.255.254    10.1.255.255
10.2.0.0/16    10.2.0.1    10.2.255.254    10.2.255.255
10.3.0.0/16    10.3.0.1    10.3.255.254    10.3.255.255
Etc.
10.255.0.0/16  10.255.0.1  10.255.255.254  10.255.255.255

Sub-subnet Using /24

Subnet         1st Host    Last Host     Broadcast
10.2.0.0/24    10.2.0.1    10.2.0.254    10.2.0.255
10.2.1.0/24    10.2.1.1    10.2.1.254    10.2.1.255
10.2.2.0/24    10.2.2.1    10.2.2.254    10.2.2.255
Etc.
10.2.255.0/24  10.2.255.1  10.2.255.254  10.2.255.255

[Figure: topology addressed with /27 subnets: 192.168.20.0/27, 192.168.20.32/27, 192.168.20.64/27, 192.168.20.96/27, 192.168.20.128/27]
7 Networks with 30 usable addresses for each network
Wasted 28 addresses on each WAN link

[Figure: topology with subnets 192.168.20.0/27, 192.168.20.32/27, 192.168.20.64/27, 192.168.20.96/27 and 192.168.20.192/30, 192.168.20.196/30, 192.168.20.200/30]

Steps for VLSM:
1. List the number of hosts required per network beginning with the largest to the smallest.
2. Convert the subnet mask to binary.
3. Draw a line where the network portion ends.
4. Ask yourself the question
5. Move the line to show your new network portion.
6. Determine your new magic number.
7. Finish subnetting using the new magic number.

The starting address is always the first network.
You cannot go past the network of the .
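The VLSM steps above carried out in code, reproducing the /27 and /30 subnets shown in the figures. This is an added example, not part of the original slides. It assumes the four /27 networks each need 30 hosts, the three /30 networks each need 2 addresses, and that the /30s are carved out of 192.168.20.192/27; the function names are made up for illustration.

```python
import ipaddress

def vlsm(block, host_counts):
    """Allocate one subnet per requirement from `block`, largest first.

    Handing out the largest subnets first keeps every subnet aligned
    on a multiple of its own size (the "magic number").
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)        # always start at the first network
    end = int(block.broadcast_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        # smallest host part with 2**bits >= hosts + network + broadcast
        host_bits = (hosts + 1).bit_length()
        size = 1 << host_bits                  # the magic number
        if cursor + size - 1 > end:            # cannot go past the parent block
            raise ValueError(f"{block} has no room left for {hosts} hosts")
        subnet = ipaddress.ip_network((cursor, 32 - host_bits))
        plan.append({"hosts": hosts, "subnet": str(subnet),
                     "mask": str(subnet.netmask),
                     "wasted": subnet.num_addresses - 2 - hosts})
        cursor += size
    return plan

def wasted(prefix_len, hosts):
    """Unused host addresses when `hosts` sit in a subnet of fixed prefix length."""
    return (1 << (32 - prefix_len)) - 2 - hosts

if __name__ == "__main__":
    # Networks with 30 hosts each, taken from the /24.
    for row in vlsm("192.168.20.0/24", [30, 30, 30, 30]):
        print(row)
    # Subnetting a subnet: 2-address links taken from one /27.
    for row in vlsm("192.168.20.192/27", [2, 2, 2]):
        print(row)
    print("wasted per link with /27:", wasted(27, 2))
```
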

8. Address Resolution Protocol: ARP

If a host finds that the destination IP address matches the network address of one of its interfaces, it is to deliver the packet via the LAN.
Looking up the LAN address (MAC address): ARP.

ARP cache: Storing of <IPv4,LAN> address pairs for other hosts on the network.
ARP-cache entries eventually expire. The timeout interval used to be on the order of 10 minutes, but Linux systems now use a much smaller timeout (~30 seconds observed in 2012).

9. Dynamic Host Configuration Protocol (DHCP)
DHCP works in a client/server mode.
When the client connects, the server assigns or leases an IP address to the device.
The device connects to the network with that leased IP address until the lease period expires.
The host must contact the DHCP server periodically to extend the lease.
The leasing of addresses assures that addresses that are no longer used are returned to the address pool for use by other devices.

Lease Origination: 4 Step Process.
Lease Renewal: 2 Step Process

10. Internet Control Message Protocol
ICMP is a protocol for sending IP-layer error and status messages.
ICMP messages are identified by an 8-bit type field.
o Queries: sent by one host to another
o Error: sent by a router to the sender

The Destination Unreachable type has a large number of subtypes:

Network unreachable: some router had no entry for forwarding the packet, and no default route.
[Figure: packet for 192.168.4.1; router forwarding table: 192.168.1.0/24 F0/0, 192.168.2.0/24 F0/1, 192.168.3.0/24 S0/0/0, 192.168.4.0/24 ???]

Host unreachable: the packet reached a router that was on the same LAN as the host, but the host failed to respond to ARP queries.
[Figure: ICMP Request for 192.168.4.100; router forwarding table: 192.168.1.0/24 F0/0, 192.168.2.0/24 F0/1, 192.168.3.0/24 S0/0/0, 192.168.4.0/24 S0/0/0; 192.168.4.100 ???; ICMP: Host Unreachable]

Port unreachable:
o The packet was sent to a UDP port on a given host, but that port was not open. TCP, on the other hand, deals with this situation by replying to the connecting endpoint with a reset packet.
o FYI: the UDP Port Unreachable message is sent to the host, not to the application on that host that sent the undeliverable packet, and so is close to useless as a practical way for applications to be informed when packets cannot be delivered.
[Figure: packet for 192.168.4.1:53 (DNS); HTTP server, not DNS server; ICMP: Port Unreachable]

Fragmentation required but DF flag set: a packet arrived at a router and was too big to be forwarded without fragmentation. However, the Don't Fragment bit in the IPv4 header was set, forbidding fragmentation.
[Figure: packet for 192.168.4.1; MTU = 500 Bytes; Packet size is too big, must fragment. Cannot fragment. Drop packet]

Administratively Prohibited: this is sent by a router that knows it can reach the network in question, but has been configured to drop the packet and send back Administratively Prohibited messages. A router can also be configured to blackhole messages: to drop the packet and send back nothing.
[Figure: packet for 192.168.4.1; figure text: access to Server 1. Drop the packet.]

Traceroute and Time Exceeded
The traceroute program uses ICMP Time Exceeded messages.
Packets are sent to the destination with the TTL set to 1 and then increased, until the ICMP query reaches the destination.
o Router drops packet having TTL=0 and returns ICMP Time Exceeded.

Redirects
Most non-router hosts start up with an IPv4 forwarding table consisting of a single (default) router.
ICMP Redirect messages help hosts learn of other useful routers.

Router Solicitation
These ICMP messages are used by some router protocols to identify immediate neighbors.

THANK YOU FOR YOUR ATTENTION

Nguyen Minh Tri, Ph.D.
Department of Telecommunications and Networks
Faculty of Electronics and Communications
University of Science, Vietnam National University, Ho Chi Minh City
Email: [email protected]