
Network Layer - OSI Model

The network layer controls the operation of the subnet. The main aim of this layer is to deliver
packets from source to destination across multiple links (networks). If two computers (systems)
are connected on the same link, then there is no need for a network layer. It routes the signal
through different channels to the other end and acts as a network controller.
It also divides outgoing messages into packets and assembles incoming packets into
messages for higher levels.
In broadcast networks, the routing problem is simple, so the network layer is often thin or even
non-existent.

Functions of Network Layer

1. It translates logical network addresses into physical addresses. It is concerned with circuit,
message or packet switching.
2. Routers and gateways operate in the network layer. The network layer provides the mechanism
for routing packets to their final destination.
3. Connection services are provided, including network layer flow control, network layer error
control and packet sequence control.
4. It breaks larger packets into smaller packets.

Design Issues with Network Layer

• A key design issue is determining how packets are routed from source to destination. Routes
  can be based on static tables that are wired into the network and rarely changed. They can
  also be highly dynamic, being determined anew for each packet, to reflect the current
  network load.
• If too many packets are present in the subnet at the same time, they will get into one
  another's way, forming bottlenecks. The control of such congestion also belongs to the
  network layer.
• Moreover, the quality of service provided (delay, transmit time, jitter, etc.) is also a network
  layer issue.
• When a packet has to travel from one network to another to get to its destination, many
  problems can arise, such as:
  o The addressing used by the second network may be different from the first one.
  o The second one may not accept the packet at all because it is too large.
  o The protocols may differ, and so on.
• It is up to the network layer to overcome all these problems to allow heterogeneous networks
  to be interconnected.

Datagram Network
In data communications, we need to send messages from one end system to another. If the
message is going to pass through a packet-switched network, it needs to be divided into packets
of fixed or variable size. The size of the packet is determined by the network and the governing
protocol.
In packet switching, there is no resource allocation for a packet. This means that there is no
reserved bandwidth on the links, and there is no scheduled processing time for each packet.
Resources are allocated on demand. The allocation is done on a first come, first-served basis.
When a switch receives a packet, no matter what the source or destination is, the packet must
wait if there are other packets being processed.
In a datagram network, each packet is treated independently of all others. Even if a packet is part
of a multipacket transmission, the network treats it as though it existed alone. Packets in this
approach are referred to as datagrams. Datagram switching is normally done at the network
layer.
The following figure shows how the datagram approach is used to deliver four packets from
station A to station X. The switches in a datagram network are traditionally referred to as routers.

In this example, all four packets (or datagrams) belong to the same message, but may travel
different paths to reach their destination. This is so because the links may be involved in carrying
packets from other sources and do not have the necessary bandwidth available to carry all the
packets from A to X. This approach can cause the datagrams of a transmission to arrive at their
destination out of order with different delays between the packets. Packets may also be lost or
dropped because of a lack of resources. In most protocols, it is the responsibility of an upper-
layer protocol to reorder the datagrams or ask for lost datagrams before passing them on to the
application. Datagram networks are sometimes referred to as connectionless networks.

Routing Table:

In this type of network, each switch (or packet switch) has a routing table which is based on the
destination address. The routing tables are dynamic and are updated periodically. The destination
addresses and the corresponding forwarding output ports are recorded in the tables. This is
different from the table of a circuit-switched network in which each entry is created when the
setup phase is completed and deleted when the teardown phase is over.

Destination Address:

Every packet in a datagram network carries a header that contains, among other information, the
destination address of the packet. When the switch receives the packet, this destination address is
examined; the routing table is consulted to find the corresponding port through which the packet
should be forwarded.

Efficiency:
The efficiency of a datagram network is better than that of a circuit-switched network. Resources
are allocated only when there are packets to be transferred. If a source sends a packet and there is
a delay of a few minutes before another packet can be sent, the resources can be reallocated
during these minutes for other packets from other sources. 

Delay:

There may be greater delay in a datagram network than in a virtual-circuit network. Although
there are no setup and teardown phases, each packet may experience a wait at a switch before it
is forwarded. In addition, since not all packets in a message necessarily travel through the same
switches, the delay is not uniform for the packets of a message. The following figure gives an
example of delay in a datagram network for one single packet.
 

The Internet has chosen the datagram approach to switching at the network layer. It uses the
universal addresses defined in the network layer to route packets from the source to the
destination.

Network Address Translation (NAT)


NAT is the process by which a network device, usually a firewall, assigns a public address to a
computer (or group of computers) inside a private network. The main use of NAT is to limit the
number of public IP addresses an organization or company must use, for both economy and
security purposes. There are other uses for Network Address Translation (NAT) beyond simply
allowing workstations with internal IP addresses to access the Internet. In large networks, some
servers may act as Web servers and require access from the Internet. These servers are assigned
public IP addresses on the firewall, allowing the public to access the servers only through that IP
address. However, as an additional layer of security, the firewall acts as the intermediary
between the outside world and the protected internal network. Additional rules can be added,
including which ports can be accessed at that IP address. Using NAT in this way allows network
engineers to route internal network traffic to the same resources more efficiently, and to allow
access to more ports, while restricting access at the firewall. It also allows detailed logging of
communications between the network and the outside world.

NAT is a very important aspect of firewall security. It conserves the number of public addresses
used within an organization, and it allows for stricter control of access to resources on both sides
of the firewall.
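The behaviour described above (many internal hosts sharing one public address, servers reachable only on explicitly permitted ports, and a log of every decision) can be modelled in a few lines. This is an added example, not code from the original page; the class name, the addresses, the port numbers and the rule that a reply must come from the endpoint the internal host contacted are all assumptions made for illustration.

```python
class NatFirewall:
    """Toy NAT device: one shared public address, explicit inbound port rules, a log."""
    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        self.forwards = forwards      # {public_port: (server_ip, server_port)}
        self.sessions = {}            # {public_port: (priv_ip, priv_port, dst_ip, dst_port)}
        self.by_flow = {}             # reverse index of sessions
        self.next_port = 40000        # constructed starting point for translated ports
        self.log = []

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a private source to the public address and remember the mapping."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.sessions[self.next_port] = flow
            self.next_port += 1
        pub_port = self.by_flow[flow]
        self.log.append(("OUT", flow, (self.public_ip, pub_port)))
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the internal (ip, port) to deliver to, or None if dropped."""
        flow = self.sessions.get(pub_port)
        if pub_port in self.forwards:
            verdict, target = "FORWARD", self.forwards[pub_port]
        elif flow and flow[2:] == (remote_ip, remote_port):
            verdict, target = "REPLY", flow[:2]
        else:
            verdict, target = "DROP", None
        self.log.append((verdict, (remote_ip, remote_port, pub_port), target))
        return target


def demo():
    fw = NatFirewall("203.0.113.10", {443: ("10.0.0.5", 8443)})  # constructed policy
    sent = fw.outbound("10.0.0.21", 51000, "198.51.100.7", 443)
    results = {
        "sent": sent,
        "reply": fw.inbound("198.51.100.7", 443, sent[1]),
        "stranger": fw.inbound("198.51.100.99", 443, sent[1]),
        "web": fw.inbound("192.0.2.44", 50123, 443),
        "ssh": fw.inbound("192.0.2.44", 50124, 22),
    }
    return results, [entry[0] for entry in fw.log]


if __name__ == "__main__":
    print(demo())
```

Only the reply to an existing session and the permitted port 443 are delivered; the other two inbound packets are dropped, and all five decisions appear in the log.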

Internet as connectionless network:


Two distinct techniques are used in data communications to transfer data. Each has its own
advantages and disadvantages. They are the connection-oriented method and the connectionless
method:

Connection-oriented: Requires a session connection (analogous to a phone call) be established
before any data can be sent. This method is often called a "reliable" network service. It can
guarantee that data will arrive in the same order. Connection-oriented services set up virtual links
between end systems through a network, as shown in Figure 1. Note that the packet on the left is
assigned the virtual circuit number 01. As it moves through the network, routers quickly send it
through virtual circuit 01.

Connectionless: Does not require a session connection between sender and receiver. The
sender simply starts sending packets (called datagrams) to the destination. This service does not
have the reliability of the connection-oriented method, but it is useful for periodic burst transfers.
Neither system must maintain state information for the systems that they send transmission to or
receive transmission from. A connectionless network provides minimal services.

Connection-oriented methods may be implemented in the data link layers of the protocol stack
and/or in the transport layers of the protocol stack, depending on the physical connections in
place and the services required by the systems that are communicating. TCP (Transmission
Control Protocol) is a connection-oriented transport protocol, while UDP (User Datagram
Protocol) is a connectionless network protocol. Both operate over IP.

The physical, data link, and network layer protocols have been used to implement guaranteed
data delivery. For example, X.25 packet-switching networks perform extensive error checking
and packet acknowledgment because the services were originally implemented on poor-quality
telephone connections. Today, networks are more reliable. It is generally believed that the
underlying network should do what it does best, which is deliver data bits as quickly as possible.
Therefore, connection-oriented services are now primarily handled in the transport layer by end
systems, not the network. This allows lower-layer networks to be optimized for speed.

LANs operate as connectionless systems. A computer attached to a network can start
transmitting frames as soon as it has access to the network. It does not need to set up a
connection with the destination system ahead of time. However, a transport-level protocol such
as TCP may set up a connection-oriented session when necessary.

The Internet is one big connectionless packet network in which all packet deliveries are handled
by IP. However, TCP adds connection-oriented services on top of IP. TCP provides all the
upper-level connection-oriented session requirements to ensure that data is delivered properly.
MPLS is a relatively new connection-oriented networking scheme for IP networks that sets up
fast label-switched paths across routed or layer 2 networks.

A WAN service that uses the connection-oriented model is frame relay. The service provider sets
up PVCs (permanent virtual circuits) through the network as required or requested by the
customer. ATM is another networking technology that uses the connection-oriented virtual
circuit approach.

Fragmentation:

Not all link-layer protocols can carry network-layer packets of the same size. Some protocols can
carry big datagrams, whereas other protocols can carry only little packets. For example, Ethernet
frames can carry up to 1,500 bytes of data, whereas frames for some wide-area links can carry no
more than 576 bytes.

The maximum amount of data that a link-layer frame can carry is called the maximum
transmission unit (MTU). Because each IP datagram is encapsulated within the link-layer frame
for transport from one router to the next router, the MTU of the link-layer protocol places a hard
limit on the length of an IP datagram. Having a hard limit on the size of an IP datagram is not
much of a problem. What is a problem is that each of the links along the route between sender
and destination can use different link-layer protocols, and each of these protocols can have
different MTUs.

IP Datagram Fragmentation

To understand the forwarding issue better, imagine that you are a router that interconnects
several links, each running different link-layer protocols with different MTUs. Suppose you
receive an IP datagram from one link. You check your forwarding table to determine the
outgoing link, and this outgoing link has an MTU that is smaller than the length of the IP
datagram. Time to panic – how are you going to squeeze this oversized IP datagram into the
payload field of the link-layer frame?

The solution is to fragment the data in the IP datagram into two or more smaller IP datagrams,
encapsulate each of these smaller IP datagrams in a separate link-layer frame, and send these
frames over the outgoing link. Each of these smaller datagrams is referred to as a fragment.

Fragments need to be reassembled before they reach the transport layer at the destination.
Indeed, both TCP and UDP are expecting to receive complete, unfragmented segments from the
network layer. The designers of IPv4 felt that reassembling datagrams in the routers would
introduce significant complication into the protocol and put a damper on router performance. (If
you were a router, would you want to be reassembling fragments on top of everything else you
had to do?). Sticking to the principle of keeping the network core simple, the designers of IPv4
decided to put the job of datagram reassembly in the end system rather than in network routers.

When a destination host receives a series of datagrams from the same source, it needs to
determine whether any of these datagrams are fragments of some original larger datagram. If
some datagrams are fragments, it must further determine when it has received the last fragment
and how the fragments it has received should be pieced back together to form the original
datagram. To allow the destination host to perform these reassembly tasks, the designers of IP
(version 4) put identification, flag, and fragmentation offset fields in the IP datagram header.

When a datagram is created, the sending host stamps the datagram with an identification number
as well as source and destination address. Typically, the sending host increments the
identification number for each datagram it sends. When a router needs to fragment a datagram,
each resulting datagram (that is, fragment) is stamped with the source address, destination
address, and identification number of the original datagram.

When the destination receives a series of datagrams from the same sending host, it can examine
the identification numbers of the datagrams to determine which of the datagrams are actually
fragments of the same larger datagram.

Because IP is an unreliable service, one or more of the fragments may never arrive at the
destination. For this reason, in order for the destination host to be absolutely sure it has received
the last fragment of the original datagram, the last fragment has a flag bit set to 0, whereas all
the other fragments have the flag bit set to 1. Also, in order for the destination host to determine
whether a fragment is missing (and also to be able to reassemble the fragments in their proper
order), the offset field is used to specify where the fragment fits within the original IP datagram.

IP Datagram Fragmentation Example


The figure below shows an IP datagram fragmentation example.
A datagram of 4,000 bytes (20 bytes of IP header plus 3,980 bytes of IP payload) arrives at a
router and must be forwarded to a link with an MTU of 1,500 bytes. This implies that the 3,980
data bytes in the original datagram must be allocated to three separate fragments (each of which
is also an IP datagram).

Suppose that the original datagram is stamped with an identification number of 777. The
characteristics of three fragments are shown in the table below.

The values in the above table reflect the requirement that the amount of original payload data in
all but the last fragment be a multiple of 8 bytes, and that the offset value be specified in units of
8-byte chunks. At the destination, the payload of the datagram is passed to the transport layer
only after the IP layer has fully reconstructed the IP datagram. If one or more of the fragments
does not arrive at the destination, the incomplete datagram is discarded and not passed to the
transport layer. But, we know that if TCP is being used at the transport layer, then TCP will
recover from this loss by having the source retransmit the data in the original datagram.
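The 4,000-byte example can be worked through in code. The following is an added illustration, not part of the original page: it computes the three fragments for identification number 777 and an MTU of 1,500 bytes, then reassembles them at the destination and discards the datagram when a fragment is missing. The `Fragment` class and the function names are hypothetical, and the sample payload is constructed.

```python
from dataclasses import dataclass

IP_HEADER = 20  # bytes; the page's example uses a 20-byte header (no options)


@dataclass
class Fragment:
    ident: int      # identification number copied from the original datagram
    offset: int     # position in the original payload, in 8-byte units
    more: int       # flag bit: 1 = more fragments follow, 0 = last fragment
    payload: bytes

    @property
    def total_length(self):
        return IP_HEADER + len(self.payload)


def fragment(ident, payload, mtu):
    """Router side: split a payload so every fragment fits the outgoing MTU."""
    chunk = (mtu - IP_HEADER) // 8 * 8   # non-final payloads must be multiples of 8
    frags = []
    for start in range(0, len(payload), chunk):
        more = 1 if start + chunk < len(payload) else 0
        frags.append(Fragment(ident, start // 8, more, payload[start:start + chunk]))
    return frags


def reassemble(received, ident):
    """Host side: return the original payload, or None if any fragment is missing."""
    by_offset = {f.offset: f for f in received if f.ident == ident}  # drops duplicates
    ordered = [by_offset[k] for k in sorted(by_offset)]
    if not ordered or ordered[-1].more != 0:
        return None                      # the flag-0 (last) fragment never arrived
    data = bytearray()
    for f in ordered:
        if f.offset * 8 != len(data):    # hole or overlap: do not deliver
            return None
        data += f.payload
    return bytes(data)


if __name__ == "__main__":
    original = bytes(i % 251 for i in range(3980))   # constructed 3,980-byte payload
    for f in fragment(777, original, 1500):
        print(f.ident, f.offset, f.more, len(f.payload), f.total_length)
```

The three fragments carry 1,480, 1,480 and 1,020 payload bytes at offsets 0, 185 and 370, with flag bits 1, 1 and 0.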
