
IP Notes

IP addresses are categorized into five classes (A-E) based on their structure, with Class A supporting large networks and Class C for small networks. Subnetting divides networks into smaller subnets for better management, while NAT translates private IPs to public IPs to address exhaustion. The document also covers IP datagram format, fragmentation, ICMP, and ARP, detailing their functions and structures.

Uploaded by

jbtfhmsp

Class-based IP Addresses Summary

IP addresses are divided into five classes (A–E) based on the first few bits:
• Class A: 0xxxxxxx – 7 bits for network, 24 for host. Supports 126 networks with ~16 million hosts each. Ideal for very large networks.
• Class B: 10xxxxxx – 14 bits for network, 16 for host. Supports 16,382 networks with ~65,000 hosts each. For medium-sized networks.
• Class C: 110xxxxx – 21 bits for network, 8 for host. Supports ~2 million networks with 254 hosts each. Used for small networks.
• Class D: 1110xxxx – Reserved for multicasting.
• Class E: 11110xxx – Reserved for experimental use.

Special IP Address Uses
• 0.0.0.0: Refers to "this host" or "this network".
• 255.255.255.255: Broadcast to all hosts on the local network.
• 127.0.0.0/8: Loopback addresses (e.g., 127.0.0.1 for local testing).
• 169.254.0.0/16: Link-local addresses (used when DHCP fails).
• 192.0.2.0/24: Test networks (non-routable, used in documentation).
• 224.0.0.0/4: Multicast addresses.
• 240.0.0.0/4: Reserved for future use.
Subnetting: Overview
Subnetting is the process of dividing a network into smaller, manageable subnetworks (subnets). It improves IP address allocation and network management.

Key Formulas in Subnetting

| Concept | Formula / Notes |
| --- | --- |
| Total IPs in a subnet | $2^n$ where n = number of host bits |
| Usable IPs | $2^n - 2$ (exclude network & broadcast address) |
| Subnet mask | Determined by CIDR (e.g., /26 means 26 bits for network) |
| Number of subnets | $2^n$ where n = number of borrowed bits |
| Block size | $2^{\text{host bits}}$ |
| Network address | First IP in the range |
| Broadcast address | Last IP in the range |
| First usable IP | Network address + 1 |
| Last usable IP | Broadcast address - 1 |

Example (Step-by-step)
Example: IP Address: 192.168.1.0/26
Step 1: Analyze the CIDR
• /26 means:
  o 32 - 26 = 6 bits for host
  o So, subnet mask = 255.255.255.192 (26 bits = 255.255.255.192)
Step 2: Calculate total & usable hosts
• $2^6 = 64$ total IPs
• $64 - 2 = 62$ usable IPs
Step 3: Block size
• Block size = $2^6 = 64$
• Subnets increment by 64 in the last octet (since it's Class C)
Step 4: Subnets created
• 192.168.1.0/26
• 192.168.1.64/26
• 192.168.1.128/26
• 192.168.1.192/26
We’ll use: 192.168.1.0/26
Step 5: Network Information

| Detail | Value |
| --- | --- |
| Network address | 192.168.1.0 |
| Broadcast address | 192.168.1.63 |
| First usable IP | 192.168.1.1 |
| Last usable IP | 192.168.1.62 |
| Subnet mask | 255.255.255.192 |
| Total hosts | 64 |
| Usable hosts | 62 |

4 Methods of IP Delivery

| Method | Description | Type | Example / Use Case |
| --- | --- | --- | --- |
| Unicast | One-to-one communication | Single host | Sending a file from one computer to another |
| Broadcast | One-to-all communication on a subnet | All hosts | ARP requests, DHCP Discover messages |
| Multicast | One-to-many communication (selected group) | Host group | Streaming video to subscribers |
| Anycast | One-to-nearest (or first to respond) | Closest host | Connecting to the nearest DNS/FTP server |

Broadcast
• One sender, all receivers on local network.
• Only connectionless protocols support broadcast.
Types of Broadcast:

| Type | Address | Description |
| --- | --- | --- |
| Limited Broadcast | 255.255.255.255 | All hosts on local subnet, not forwarded by routers |
| Network-directed | e.g. 128.2.255.255 | All hosts on a specific (unsubnetted) network |
| Subnet-directed | e.g. 192.168.1.255 | All hosts on a specific subnet |
| All-subnets-directed | e.g. 128.2.255.255 | All hosts on all subnets in a network; rarely used |

Misconfigured broadcast can flood networks. Routers use Reverse Path Forwarding (RPF) to prevent loops.

What is NAT?
• NAT (Network Address Translation) maps private IPs to public IPs.
• Solves the IP address exhaustion problem.
• Also called IP masquerading.
• Defined in RFC 3022 & 2663.

Types of NAT

| Type | Description | Use Case |
| --- | --- | --- |
| Basic NAT | Translates only IP addresses | Limited public IP pool |
| NAPT | Translates IP + Port (TCP/UDP/ICMP) (many-to-one) | Home routers, multiple users |

How NAT Works
• For outgoing packets: Private IP → Public IP.
• For incoming packets: Public IP → Private IP.
• Maintains a mapping table.
• Timeout needed to release unused mappings (default ~15 min for TCP).

NAPT Example

| Internal | External |
| --- | --- |
| 10.10.10.11:80 | a.b.65.1:8000 |
| 10.10.10.12:80 | a.b.65.1:8001 |

Static NAT
• Fixed one-to-one mapping.
• Used when external hosts need to initiate connections (e.g., mail servers).

Limitations of NAT
• Breaks end-to-end communication (e.g., IPSec AH fails).
• Struggles with protocols carrying IPs in payload (e.g., FTP).
• Doesn’t work well with TCP/UDP fragments (except the first fragment).
• Must pass through the same NAT router for session consistency.
• Performance overhead due to packet inspection and checksum adjustment.

IP Datagram Format (IPv4)


Header Overview
• Minimum header size: 20 bytes (can vary with options).
• Fields:

| Field | Description |
| --- | --- |
| Version (VERS) | IP protocol version (4 for IPv4, 6 for IPv6). |
| Header Length (HLEN) | Length of header in 32-bit words (excludes data). |
| Service Type | Quality of Service (QoS): Precedence (3 bits), TOS (4 bits), MBZ (1 bit). Based on RFC 1349. |
| Total Length | Total datagram size = header + data. |
| Identification | Unique ID for reassembly of fragmented packets. |
| Flags | Control fragmentation: DF (Don't Fragment), MF (More Fragments) |
| Fragment Offset | Helps reassemble fragments (in 64-bit blocks). |
| TTL (Time to Live) | Hop limit. Decremented by each router. If 0, discard. |
| Protocol | Next layer protocol (e.g., TCP = 6, UDP = 17, ICMP = 1). |
| Header Checksum | Validates header integrity. |
| Source IP Address | 32-bit address of sender. |
| Destination IP Address | 32-bit address of receiver. |
| Options (optional) | Used for features like security, routing, timestamps. |
| Padding | Zeros added to align header to 32-bit boundary. |
| Data | Payload sent to the next-layer protocol. |

Key Field Details

Service Type (TOS/Precedence)


• Precedence (3 bits): Routine (000) to Network Control (111).
• TOS (4 bits):
  o 1000: Minimize Delay
  o 0100: Maximize Throughput
  o 0010: Maximize Reliability
  o 0001: Minimize Cost
  o 0000: Normal Service

Options Field
• Not mandatory; used for advanced features.
• Two formats:
  1. Single-byte (Type only)
  2. Multi-byte (Type + Length + Data)
• Type byte structure:
  o fc (copy on fragmentation)
  o class (2 bits): 0 = control, 2 = debugging
  o option number (5 bits)
• Common Options:
  o 0: End of Option List
  o 1: No Operation (NOP)
  o 2: Security
  o 3: Loose Source Routing
  o 4: Timestamp
  o 7: Record Route
  o 8: Stream ID
  o 9: Strict Source Routing
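
The header fields and the option type byte described above can be decoded as follows. This is an added example, not part of the original notes; the function names and the constructed 20-byte sample header are assumptions made for illustration.

```python
import struct

# Constructed sample: 20-byte IPv4 header (UDP, DF set, TTL 64, no options).
SAMPLE = bytes.fromhex("4500007300004000" "4011b861c0a80001c0a800c7")

def internet_checksum(data: bytes) -> int:
    """One's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_option_type(type_byte: int) -> dict:
    """Split an option type byte into copy flag, class and option number."""
    return {"copy": type_byte >> 7,
            "class": (type_byte >> 5) & 0x03,
            "number": type_byte & 0x1F}

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_hlen, tos, total_len, ident, flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    hlen = (ver_hlen & 0x0F) * 4            # HLEN counts 32-bit words
    if ver_hlen >> 4 != 4:
        raise ValueError("not IPv4")
    if hlen < 20 or hlen > len(packet) or total_len < hlen:
        raise ValueError("inconsistent HLEN / Total Length")
    return {
        "hlen": hlen,
        "precedence": tos >> 5,
        "tos": (tos >> 1) & 0x0F,
        "total_length": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "offset_bytes": (flags_frag & 0x1FFF) * 8,   # offset is in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # A valid header sums to 0xFFFF, so the complemented result is 0.
        "checksum_ok": internet_checksum(packet[:hlen]) == 0,
        "options": packet[20:hlen],
    }
```

Decoding the type bytes 131, 137, 68 and 7 with `decode_option_type` yields option numbers 3, 9, 4 and 7, which is how the numbers in the Common Options list relate to the on-the-wire option types.
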
IPv4 Fragmentation

Why Fragmentation?
• Each network has a Maximum Transmission Unit (MTU).
• IP fragments datagrams exceeding the MTU.
• Reassembly is done only at the destination.

Key Concepts

| Concept | Description |
| --- | --- |
| Min MTU | 68 bytes (60 header + 8 data) |
| Max size IP must handle (no fragmentation) | 576 bytes |
| Unfragmented Datagram | DF=0, MF=0, Offset=0 |

Fragmentation Steps
1. Check DF Flag: If set, drop & send ICMP error. (DF=1 means fragmentation not allowed)
2. Split Data: Each fragment’s data must be a multiple of 8 bytes (except last).
3. Header Updates:
  o MF = 1 for all but last fragment.
  o Offset = fragment’s position in 8-byte units.
  o Copy options if required.
  o Update length & checksum.
4. Send Fragments: Routed independently; may be further fragmented.

Reassembly (at destination)
• Based on: ID + Source + Destination IP
• Offset determines placement in buffer.
• Timer starts with first fragment; if incomplete when TTL expires → discard.

IP Routing Options (via Options Field)

1. Loose Source Routing (LSRR)
• Option Type: 131 (0x83)
• Source specifies a list of routers; intermediate hops allowed.
• Pointer: Offset to next IP in the list.
• Used for: Route control + recording.
2. Strict Source Routing (SSRR)
• Option Type: 137 (0x89)
• Like LSRR but no intermediate hops allowed (must be direct).
• If not possible → ICMP error.
3. Record Route
• Option Type: 7 (0x07)
• Routers record their own IP addresses along the path.
• Pointer: Offset to next empty slot.
• Stops recording if space runs out.
4. Internet Timestamp
• Option Type: 68 (0x44)
• Routers add timestamps (in milliseconds since midnight UTC).
• Flags:
  o 0: Timestamps only
  o 1: IP + Timestamp
  o 2: Only if IP matches pre-specified list
• Not accurate for performance (no clock sync, low time granularity).

Given:
• Total datagram size = 3000 bytes
• IP header = 20 bytes
• Payload = 2980 bytes
• MTU of outgoing link = 500 bytes

Step 1: Compute Data Per Fragment


Each fragment must include its own IP header (20 bytes), so:
Max data per fragment = MTU - IP header
= 500 - 20 = 480 bytes

Step 2: Divide Payload into Fragments


Payload = 2980 bytes
Each fragment (except last) carries 480 bytes
Number of full 480-byte fragments = 2980 ÷ 480 = 6 full fragments
Remaining data = 2980 - (6 × 480) = 100 bytes
Total fragments = 6 full + 1 last = 7 fragments

Fragment Details

| Fragment | Payload | Offset (in 8-byte units) | MF (More Fragments) | Total Length |
| --- | --- | --- | --- | --- |
| 1 | 480 | 0 | 1 | 500 |
| 2 | 480 | 480 ÷ 8 = 60 | 1 | 500 |
| 3 | 480 | 960 ÷ 8 = 120 | 1 | 500 |
| 4 | 480 | 1440 ÷ 8 = 180 | 1 | 500 |
| 5 | 480 | 1920 ÷ 8 = 240 | 1 | 500 |
| 6 | 480 | 2400 ÷ 8 = 300 | 1 | 500 |
| 7 | 100 | 2880 ÷ 8 = 360 | 0 (last fragment) | 100 + 20 = 120 |
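
The fragmentation steps and the worked example above, generalized to any datagram size and MTU, with a receiver-side check that rejects gaps and overlapping fragments. This is an added example, not part of the original notes; the function names are assumptions, and it assumes an unfragmented input datagram with a fixed header length and no options.

```python
def fragment(total_length, mtu, header_len=20, df=False):
    """Plan fragments as (payload, offset_units, mf, total_length) tuples."""
    payload = total_length - header_len
    if total_length <= mtu:
        return [(payload, 0, 0, total_length)]    # fits: MF=0, Offset=0
    if df:
        # Step 1: DF set, so the router drops and reports ICMP Type 3 Code 4.
        raise ValueError("DF set: fragmentation needed but not allowed")
    # Step 2: every fragment except the last carries a multiple of 8 bytes,
    # so round the room left after the header down to an 8-byte boundary.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for 8 bytes of data")
    plan, sent = [], 0
    while sent < payload:
        size = min(max_data, payload - sent)
        mf = 1 if sent + size < payload else 0    # Step 3: MF=1 except last
        plan.append((size, sent // 8, mf, size + header_len))
        sent += size
    return plan

def reassembled_length(fragments):
    """Fragments may arrive in any order; reject gaps and overlaps."""
    if not fragments:
        raise ValueError("no fragments")
    ordered = sorted(fragments, key=lambda f: f[1])
    expected = 0
    for size, offset_units, _mf, _length in ordered:
        if offset_units * 8 != expected:
            raise ValueError(f"gap or overlap at byte {expected}")
        expected += size
    if ordered[-1][2] != 0:
        raise ValueError("last fragment (MF=0) not received")
    return expected

# The worked example: 3000-byte datagram over a link with MTU 500.
WORKED = fragment(3000, 500)
```

With an MTU of 510 the room after the header is 490 bytes, which is not a multiple of 8, so each full fragment carries 488 bytes instead.
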

ICMP Overview
• Protocol: Required, STD 5, RFC 792, updated by RFC 950
• Used for: Error reporting & diagnostic functions
• Encapsulation: Sent inside IP datagrams (protocol number = 1)
• Not Reliable: ICMP only reports errors; does not guarantee delivery
• No ICMP errors for:
  o Other ICMP messages
  o Broadcast/multicast destinations
  o Non-unique source addresses
  o Fragments (except first one)

ICMP Message Format


 0        8        16               31
+--------+--------+-----------------+
|  Type  |  Code  |    Checksum     |
+--------+--------+-----------------+
|   Identifier    |   Sequence #    |
+-----------------+-----------------+
|        ICMP Data (varies)         |
+-----------------------------------+

Important ICMP Message Types

| Type | Message | Notes |
| --- | --- | --- |
| 0 | Echo Reply | Used in Ping |
| 3 | Destination Unreachable | Multiple codes (0–15), e.g., 0 = network unreachable, 3 = port |
| 4 | Source Quench | Congestion control (obsolete) |
| 5 | Redirect | Suggest better router; codes: 0–3 |
| 8 | Echo Request | Used in Ping |
| 9/10 | Router Advertisement/Solicit | From RFC 1256, used in router discovery |
| 11 | Time Exceeded | TTL expired (0 = transit, 1 = reassembly) |
| 12 | Parameter Problem | Malformed IP header |
| 13/14 | Timestamp Req/Reply | Diagnostic use only |
| 17/18 | Address Mask Req/Reply | For discovering subnet mask |
| 30 | Traceroute | Not widely supported |

Special Cases
• Type 3 Code 4: “Fragmentation needed but DF set” → used in Path MTU Discovery (RFC 1191)
• ICMP Checksum: Validates ICMP message integrity

ICMP Applications

Ping
• Uses Type 8 (Echo) and Type 0 (Reply)
• Tests reachability and RTT
• Can include: size, count, TTL, timeout, no-fragment, record route

Traceroute
• Sends IP/UDP datagrams with increasing TTLs
• Relies on Type 11 (Time Exceeded) and Type 3 Code 3 (Port Unreachable)
• Maps the path to destination host

Address Resolution Protocol (ARP) – RFC 826

Purpose
Maps IP addresses (logical) to MAC addresses (physical).
Essential for communication on a local area network (LAN).
Works only on broadcast-capable networks (e.g., Ethernet, Wi-Fi).
Not applicable to X.25, ATM, or other non-broadcast networks.

Core Components
| Field | Description |
| --- | --- |
| Hardware Type | E.g., Ethernet = 1 |
| Protocol Type | E.g., IPv4 = 0x0800 |
| Hardware Size | E.g., 6 (bytes for MAC address) |
| Protocol Size | E.g., 4 (bytes for IPv4) |
| Opcode | 1 = ARP Request, 2 = ARP Reply |
| Sender MAC/IP | MAC & IP of the sender |
| Target MAC/IP | IP of the target; MAC is empty in request, filled in reply |

How ARP Works


1. Host wants to send an IP packet to IP X on the same subnet.
2. ARP cache is checked:
  o If found → MAC used directly.
  o If not found → ARP Request (broadcast) is sent.
3. All devices on the subnet receive the ARP Request.
4. Only the host with the matching IP responds with an ARP Reply (unicast).
5. Sender stores <IP, MAC> in ARP cache and sends the IP packet.

ARP Packet Recep on Logic


When a host receives an ARP packet:
If hardware type and protocol match:
Update ARP cache with sender's info.
If it is the target, send ARP Reply with its own MAC address.
Note: ARP requests are broadcast, but replies are unicast.

Router & Switch Treatment of ARP


Switches (Layer 2): Do not change MAC or IP. They just forward frames based on MAC addresses in
their CAM table.
Routers (Layer 3): Do not forward ARP broadcasts. They respond only if the IP in the ARP request
matches one of their interfaces.

MAC addresses change hop-by-hop. IP addresses remain the same unless NAT is involved.

Proxy ARP (RFC 1027)


A router answers ARP requests on behalf of a device in another subnet.

Used when:
• Subnetting is transparent to hosts.
• Hosts use legacy IP routing (no subnet awareness).
Process:
1. Host A (on subnet 1) ARPs for Host B (on subnet 2).
2. Router R responds with its own MAC, tricking A into sending to R.
3. R then forwards to B.

ARP Cache
Stores mappings of <IP, MAC>.
Has a timeout (typically ~15-20 minutes).
Dynamically updated upon receiving ARP replies.
Can be manually cleared or modified via OS commands (e.g., arp -d).

Limitations of ARP

Can be spoofed (ARP Spoofing/Poisoning – security risk).
Relies on broadcasts, which do not scale well.
Ineffective on non-broadcast networks.
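
Because a host updates its cache from the sender fields of any ARP packet it receives, a defender can watch for an IP address whose MAC suddenly changes. The following is an added example, not part of the original notes: it parses the ARP fields listed under Core Components and flags such changes. The class and function names, the optional pinned entries and the sample packets are all constructed for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"      # 28-byte ARP body for Ethernet + IPv4

def parse_arp(body: bytes) -> dict:
    if len(body) < 28:
        raise ValueError("truncated ARP packet")
    (htype, ptype, hsize, psize, opcode,
     smac, sip, tmac, tip) = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hsize, psize) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    if opcode not in (1, 2):
        raise ValueError("not an ARP request or reply")
    return {"opcode": opcode,
            "sender_mac": smac.hex(":"), "sender_ip": ".".join(map(str, sip)),
            "target_mac": tmac.hex(":"), "target_ip": ".".join(map(str, tip))}

class ArpWatch:
    """Mirror of a host's ARP cache that reports when an IP changes MAC."""
    def __init__(self, static=None):
        self.cache = dict(static or {})     # optional pinned <IP, MAC> entries
        self.pinned = set(self.cache)

    def observe(self, body: bytes):
        pkt = parse_arp(body)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.cache.get(ip)
        if known is not None and known != mac:
            if ip not in self.pinned:
                self.cache[ip] = mac        # an ordinary host overwrites here
            return f"{ip} changed from {known} to {mac}"
        self.cache[ip] = mac
        return None

def build_arp(opcode, smac, sip, tmac, tip):
    """Helper that builds the constructed sample packets below."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(map(int, a.split(".")))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       to_mac(smac), to_ip(sip), to_mac(tmac), to_ip(tip))

# Constructed traffic: a request, the genuine reply, then a conflicting reply.
SAMPLES = [
    build_arp(1, "02:00:00:00:00:0a", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp(2, "02:00:00:00:00:01", "192.168.1.1", "02:00:00:00:00:0a", "192.168.1.10"),
    build_arp(2, "02:00:00:00:00:66", "192.168.1.1", "02:00:00:00:00:0a", "192.168.1.10"),
]

def run_samples():
    watch = ArpWatch()
    return [alert for alert in map(watch.observe, SAMPLES) if alert]
```

Proxy ARP legitimately makes one router MAC answer for several IP addresses, which is why the check keys on an IP changing MAC rather than on a MAC owning many IPs.
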

Reverse ARP (RARP) – RFC 903

Purpose
Used by diskless clients to discover their own IP address.
Sends a RARP Request with known MAC, gets back IP.
Needs a RARP server with preconfigured mappings.

Operation
Similar to ARP in format.
Opcode: 3 (Request), 4 (Reply)
EtherType: 0x8035 (RARP)

Unlike ARP, RARP requires a manual mapping database on the server.

Dynamic Host Configuration Protocol (DHCP) – Summary Notes

Overview
• Defined in: RFC 2131 (primary), with updates in RFC 3396, RFC 4361, RFC 2132.
• Purpose: Automatically assign IP addresses and other network configuration parameters to clients.
• Based on: BOOTP (adds dynamic address allocation and extended options).
• Transport: Uses UDP
  o Client → Server: Port 67
  o Server → Client: Port 68

DHCP Address Allocation Methods

1. Automatic Allocation: Permanent IP address assigned to client.
2. Dynamic Allocation: Temporary IP address (lease-based). Allows address reuse.
3. Manual Allocation: Admin manually assigns address (MAC-based).

Key DHCP Message Types

| Message | Purpose |
| --- | --- |
| DHCPDISCOVER | Client broadcasts to locate DHCP servers |
| DHCPOFFER | Server responds with available IP and options |
| DHCPREQUEST | Client requests IP from one server (broadcast) |
| DHCPACK | Server confirms and finalizes IP lease |
| DHCPNAK | Server denies lease or request |
| DHCPDECLINE | Client rejects IP (e.g. conflict) |
| DHCPRELEASE | Client relinquishes lease early |
| DHCPINFORM | Client with static IP asks for config parameters |

DHCP Packet Format (Simplified)

| Field | Description |
| --- | --- |
| op | 1=Request, 2=Reply |
| xid | Transaction ID |
| ciaddr | Client IP (if known) |
| yiaddr | Your IP (offered by server) |
| siaddr | Server IP |
| giaddr | Relay agent IP |
| chaddr | Client hardware (MAC) |
| options | Config params (e.g., subnet, gateway, DNS) |

Client-Server Address Allocation Flow

1. Client (INIT) → DHCPDISCOVER → Broadcast
2. Server(s) → DHCPOFFER → Unicast or broadcast
3. Client → DHCPREQUEST → Broadcast (selects one offer)
4. Server → DHCPACK → Unicast or broadcast
5. Client verifies IP (via ARP), configures network interface

DHCP Lease Renewal

• T1 Timer (~50% lease): Client unicasts DHCPREQUEST to same server (BOUND → RENEWING).
• T2 Timer (~87.5% lease): If no reply, client broadcasts DHCPREQUEST (REBINDING).
• If no reply before lease expires → Client must restart with DHCPDISCOVER.

Router & Switch Handling of DHCP Packets

Switches (Layer 2)
• Forward DHCP broadcast packets (like DHCPDISCOVER) out all ports within the VLAN.
• No IP processing or address translation involved.
• Operate at MAC layer — treat DHCP like any broadcast/multicast frame.

Important: Switches do not modify DHCP packets.

Routers (Layer 3)
• Do NOT forward DHCP broadcasts by default (since broadcasts don’t cross subnets).
• DHCP can work across subnets using a DHCP Relay Agent (typically enabled on routers):
  o Adds its own interface IP in the giaddr (gateway IP address) field.
  o Forwards DHCP messages to the server using unicast.
  o On reply, routes the DHCPACK or DHCPOFFER back to the client on the correct subnet.

Without giaddr, servers cannot assign the correct subnet info.

Common Enhancements in Real Networks

• DHCP Snooping (on switches): Security feature to prevent rogue DHCP servers.
• IP Source Guard / ARP Inspection: Used in tandem with DHCP snooping to block spoofing.
• Option 82 (Relay Agent Information): Appended by relay to track DHCP client origin (used in ISPs, enterprise networks).

Security & Operational Considerations

• DHCP is inherently insecure (no authentication):
  o Rogue clients can get IP addresses.
  o Rogue servers can misconfigure clients.
• Possible countermeasures:
  o Use MAC-based reservations or manual assignments for critical devices.
  o Disable unused switch ports or use port security.
  o Implement DHCP snooping and trusted interfaces.

Special Cases
• DHCPINFORM: Used by statically-configured clients to fetch DNS, gateway, etc.
• Rebinding: During lease renewal, if original server is unreachable, any DHCP server can respond.
