You are on page 1of 112

3

Data Link and Network Layer TCP/IP


Protocols

A Guide to TCP/IP

Chapter 3 1
3

Objectives

After reading this chapter and completing the


exercises you will be able to:
• Understand the role that data link protocols, such
as SLIP and PPP, play for TCP/IP
• Distinguish among various Ethernet and token
ring frame types
• Understand how hardware addresses work in a
TCP/IP environment, and the services that ARP
and RARP provide for such networks

Chapter 3 2
3

Objectives
After reading this chapter and completing the
exercises you will be able to:
• Appreciate the overwhelming importance of the
Internet Protocol (IP), and how IP packets behave on
TCP/IP networks
• Understand the structures and functions of an IP
header
• Appreciate the function of the Maximum Transfer Unit
(MTU) for any physical medium, and why
fragmentation is sometimes required of the Network
layer
Chapter 3 3
3

Data Link Protocols

• The Data Link layer performs several key jobs with the
two most important being:
– Managing access to whatever networking medium is in use,
called Media Access Control (usually abbreviated as MAC)
– Creating temporary point-to-point links between a pair of MAC
layer addresses to enable data transfer, called Logical Link
Control (usually abbreviated as LLC)
• A point-to-point data transfer involves shipping data
from a specific MAC layer address that represents the
point of transmission to another specific MAC layer
address that represents the point of reception on a
single network segment, or TCP/IP subnet

Chapter 3 4
3

Data Link Protocols

• This same point-to-point technique also works for


data transfer across wide area network (WAN) links
—such as analog telephone lines, digital
connections, or X.25—which is why certain TCP/IP
data link protocols may sometimes be called WAN
protocols
• The data encapsulation techniques used to enclose
packet payloads for transmission across WAN links
differ from those used for LAN connections, and
involve specialized protocols that operate at the
Data Link layer
Chapter 3 5
3

Data Link Protocols

• The specific protocols are:


– Serial Line Internet Protocol (SLIP)
– Point-to-Point Protocol (PPP)
– Special handling for X.25, frame relay, and Asynchronous
Transfer Mode (ATM) connections
• The key to understanding the material is to recognize that
both SLIP and PPP support a straightforward point-to-
point connection between two parties, or nodes, on a link
• These kinds of two-party connections include analog
phone lines, Digital Subscriber Line (DSL) connections,
and T-carriers, such as T1, T3, E1, or E3

Chapter 3 6
3

Data Link Protocols

• Special handling is necessary for X.25, frame relay,


and Asynchronous Transfer Mode (ATM) WAN links,
which use packet or circuit-switching technologies,
and must explicitly address sender and receiver at the
Data Link layer
• WAN encapsulation of frames at the Data Link layer
involves one or more of the following services (they
vary according to the requirements of the type of link
used):
– Addressing – Bit-level integrity check
– Delimitation – Protocol identification (PID)

Chapter 3 7
3
The Serial Line
Internet Protocol (SLIP)
• SLIP is the original point-to-point protocol for
TCP/IP traffic, still used for connecting to some
ISPs today
• SLIP uses a special END character (0xC0) that is
placed at the beginning and end of each IP
datagram to delimit the payload
• The SLIP ESC character is not the same as the
American Standard Code for Information
Interchange (ASCII) ESC character, the hex DB-
DC sequence is usually denoted 0xDB-DC
Chapter 3 8
3
The Serial Line
Internet Protocol (SLIP)
• If the SLIP ESC character occurs in a frame’s payload
0xDB-DD replaces it
• AS specified in RFC 1055, the maximum size of a SLIP data
gram is 1066 bytes
• Most systems continue to set the upper bound for SLIP
datagram at 1066 bytes, but Windows 2000 permits MTUs of
1500 bytes for SLIP datagrams to avoid fragmentation when
a SLIP connection links two Ethernet segments
• RFC 1144 was developed to permit IP and TCP headers to
be compressed when sent across a SLIP link
• This version of SLIP is called compressed SLIP (C-SLIP)

Chapter 3 9
3

Point-to-Point Protocol (PPP)

• PPP is a general-purpose, point-to-point protocol


that overcomes SLIP’s deficiencies, and provides
WAN data link encapsulation services similar to
those available for LAN encapsulation
• RFC 1661 provides the detailed specifications for
PPP, and includes the following characteristics:
– Encapsulation methods that support simultaneous use of
multiple protocols across the same link
– A special Link Control Protocol (LCP) used to negotiate the
characteristics of any point-to-point link established using
PPP

Chapter 3 10
3

Point-to-Point Protocol (PPP)


– A collection of negotiation protocols used to establish the
Network layer properties of protocols carried over the point-to-
point link, called Network Control Protocols (NCPs). RFCs 1332
and 1877 describe an NCP for IP, known as the Internet Protocol
Control Protocol (IPCP), used to negotiate an IP address for the
sending party, addresses for DNS servers, and (optional) use of
the Van Jacobsen TCP compression protocol, where possible
• PPP encapsulation and framing techniques are based on
the ISO High-level Data Link Control (HDLC) protocol,
which is in turn based on IBM’s work on the Synchronous
Data Link Control (SDLC) protocol used as part of its
Systems Network Architecture (SNA) protocols

Chapter 3 11
3

Point-to-Point Protocol (PPP)

• Although PPP framing supports addressing and


link control information derived from HDLC, most
PPP implementations use an abbreviated form
that skips this unnecessary information
• The fields in the PPP header and trailer include
the following values:
– Flag
– Protocol identifier
– Frame Check Sequence (FCS)

Chapter 3 12
3

Point-to-Point Protocol (PPP)

• When PPP is used with synchronous


technologies, such as T1, Integrated Services
Digital Network (ISDN), DSL, or Synchronous
Optical Network (SONET) links, a faster, more
efficient technique of bit substitutions is used,
rather than the wholesale character replacement
used with asynchronous links
• PPP supports a default MTU of 1500 bytes, which
makes it ideal for interconnecting Ethernet-based
networks (or peers)

Chapter 3 13
3

Special Handling for PPP Links

• When any particular switched technologies, such


as X.25, frame relay, or ATM, are used to link
together PPP peers, additional control and
addressing information must be included in PPP
headers to manage the connection
• RFCs describe encapsulation of PPP datagrams
for these technologies:
– X.25: RFC 1356
– Frame relay: RFC 2427
– ATM: RFCs 1557 and 1626

Chapter 3 14
3

Frame Types

• At the Data Link layer, protocol data units


are called frames; in TCP/IP terminology,
these PDUs may also be called IP
datagrams, which can be encapsulated in
a variety of frame types

Chapter 3 15
3

Ethernet Frame Types

• The Ethernet II frame type is the de facto


standard frame type used for IP datagram
transmissions over Ethernet networks
• The Ethernet II frame has a protocol identification
field (the Type field) that contains the value
0x0800 to identify the encapsulated protocol as IP
• Before an IP datagram is transmitted onto the
cable, the data link driver puts the leading frame
onto the datagram

Chapter 3 16
3

Ethernet Frame Types

• If a frame does not meet the minimum frame size of 64


bytes, the driver must pad the Data field

• The Ethernet NIC performs a Cyclical Redundancy


Check (CRC) procedure on the contents of the frame,
and places a value at the end of the frame in the
Frame Check Sequence field

• Finally, the NIC sends the frame, led by a preamble,


which is a leading bit pattern used by the receiver to
correctly interpret the bits as ones and zeroes

Chapter 3 17
3

Ethernet Frame Types

• There are three Ethernet frame types that


TCP/IP can use:

– Ethernet II

– Ethernet 802.2 Logical Link Control (LLC)

– Ethernet 802.2 Sub-Network Access Protocol


(SNAP)

Chapter 3 18
3

Ethernet II Frame Structure

• The Ethernet II frame type consists of the


following values, fields, and structure:
– Preamble

– Destination Address field

– Source Address field

– Type field

– Data field

– Frame Check Sequence field

Chapter 3 19
3

Ethernet II Frame Structure

Chapter 3 20
3

Ethernet II Frame Structure

Preamble
• The preamble is eight bytes long and consists of alternating ones
and zeroes

• This special string of bits precedes the actual Ethernet frame itself,
and is not counted as part of the overall frame length

Destination Address Field


• The Destination Address field is six bytes long and indicates the
data link address (also referred to as the hardware address or MAC
address) of the destination IP host

• The destination address may be broadcast, multicast, or unicast

Chapter 3 21
3

Ethernet II Frame Structure

Source Address Field


• The Source Address field is six bytes long and
indicates the sender’s hardware address
• This field can only contain a unicast address—it
cannot contain a broadcast or multicast address
Type Field
• The Type field is two bytes long and identifies the
protocol that is using this frame type

Chapter 3 22
3

Assigned Protocol Types (by Number)

Chapter 3 23
3

Ethernet II Frame Structure

Frame Check Sequence Field


• The Frame Check Sequence field is four bytes long
and includes the result of the CRC calculation
• Upon receipt of an Ethernet II frame, an IP host checks
the validity of the contents by performing a CRC
check on its contents, and comparing the result to the
value contained in the Frame Check Sequence field
• At the Data Link layer, the frame is examined to
determine the actual destination address (broadcast,
multicast, or unicast)

Chapter 3 24
3

Ethernet 802.2 LLC Frame Structure


• Figure 3-2 depicts the format of an Ethernet 802.2 Logical Link
Control (LLC) frame
• The Ethernet 802.2 LLC frame type consists of the following fields:
– Preamble
– Start Frame Delimiter (SFD) field
– Destination Address field
– Source Address field
– Length field
– Destination Service Access Point (DSAP) field
– Source Service Access Point (SSAP) field
– Control field
– Data field
– Frame Check Sequence (FCS) field

Chapter 3 25
3

Ethernet 802.2 LLC Frame Structure

Preamble
• This preamble does not end in consecutive ones
Start Frame Delimiter (SFD) Field
• The 1-byte SFD field consists of the pattern 10101011 and
indicates the start of the Destination Address field
Length Field
• The 2-byte Length field indicates the number of bytes in the
data portion of the frame
• This frame does not use a Type field in this location—it
uses a Service Access Point (SAP) field to indicate the
upcoming protocol

Chapter 3 26
3

Ethernet 802.2 LLC Frame Structure

Destination Service Access Point (DSAP) Field


• This 1-byte field indicates the destination
protocol
• Table 3-2 lists some of the assigned SAP
numbers (defined by the IEEE)
Source Service Access Point (SSAP) Field
• This 1-byte field indicates the source protocol
(typically the same as the destination protocol)

Chapter 3 27
3

Assigned SAP Numbers

Chapter 3 28
3

Ethernet 802.2 LLC Frame Structure


Control Field
• This 1-byte field indicates whether this frame is
unnumbered format (connections) or
informational/supervisory format (for connection-
oriented and management purposes)
Ethernet SNAP Frame Structure
• RFC 1042, “A Standard for the Transmission of IP
Datagrams over IEEE 802 Networks,” specifies how IP
traffic should be encapsulated to 802.2 LLC frames
that include the Sub-Network Access Protocol (SNAP)
portion

Chapter 3 29
3

Ethernet 802.2 LLC Frame Structure

Ethernet SNAP Frame Structure

• Although Windows 2000 defaults to transmitting


IP and ARP communications over the Ethernet II
frame type, you can edit the Registry to support
transmission of IP and ARP over the Ethernet
802.2 SNAP frame structure by adding the
ArpUseEtherSNAP Registry setting, as listed in
Table 3-3.

Chapter 3 30
3

ArpUseEtherSNAP Registry Setting

Chapter 3 31
3

Ethernet 802.2 LLC Frame Structure

Ethernet SNAP Frame


Structure
• The Registry entry
ArpUseEtherSNAP
must be set to 1 to
enable use of the
Ethernet 802.2 SNAP
frame format for IP
and ARP traffic over
Ethernet
• Figure 3-3 depicts the
format of an Ethernet
SNAP frame

Chapter 3 32
3

Ethernet 802.2 LLC Frame Structure

Organization Code Field


• This 3-byte field identifies the organization that
assigned the Ethernet type number used in the
Ether Type field that follows

Ether Type Field


• The 2-byte Ether Type field indicates the network
protocol that is using this Ethernet SNAP frame
format
Chapter 3 33
3

Token Ring Frame Types

• The IEEE 802.5 standard defines token ring


networking
• Token ring networks rely on a physical star design,
although they use a logical ring transmission paths,
as shown in Figure 3-4
• On a token ring network, each token ring workstation
acts as a repeater—repeating each packet received
back onto the network
• There are two variations of token ring frames: Token
Ring 802.2 LLC frames and Token Ring SNAP frames

Chapter 3 34
3
Token Ring Networks
Are Physically Stars,
But Logically Rings

Chapter 3 35
3

Token Ring 802.2 LLC Frame Format

• The standard Token Ring 802.2 LLC frames include the same LLC
fields used by the Ethernet 802.2 LLC frame

Chapter 3 36
3

Token Ring 802.2 LLC Frame Format

Start Delimiter Field


• The 1-byte Start Delimiter field is used to
designate the beginning of a token ring frame

Access Control Field


• The 1-byte Access Control field indicates whether
the upcoming fields constitute a token or a frame,
the priority of the token or frame, and if the frame
or token already circled the ring once

Chapter 3 37
3

Token Ring 802.2 LLC Frame Format

Frame Control Field

• This 1-byte field indicates whether the frame


contains token ring management information or
data

Destination Address Field

• This 6-byte field indicates the destination


hardware address

Chapter 3 38
3

Token Ring 802.2 LLC Frame Format

Source Address Field


• This 6-byte field indicates the source hardware
address
• This field must contain a unicast address
Destination Service Access Point (DSAP) Field
(LLC 802.2)
• This 1-byte field is the start of the LLC section,
and indicates the destination protocol

Chapter 3 39
3

Token Ring 802.2 LLC Frame Format

Source Service Access Point (SSAP) Field (LLC


802.2)
• This 1-byte field indicates the source protocol in
use
Control Field (LLC 802.2)
• This 1-byte field indicates whether this frame is
unnumbered (connectionless) or
supervisory/informational (for connection-
oriented and management purposes)

Chapter 3 40
3

Token Ring 802.2 LLC Frame Format

Data Field
• This field can be between zero and 18,000 bytes long and
contains the TCP/IP data
Frame Check Sequence Field
• The Frame Check Sequence field is four bytes long and
includes the result of the CRC calculation used to error
check the packet
End Delimiter Field
• This 1-byte field indicates the end of the token ring frame
(except for the Frame Status field)

Chapter 3 41
3

Token Ring 802.2 LLC Frame Format

End Delimiter Field

• This 1-byte field indicates the end of the token


ring frame (except for the Frame Status field)

Frame Status Field

• This 1-byte field is used to indicate if the frame’s


destination address was recognized, and if the
frame was copied

Chapter 3 42
3

Token Ring SNAP Frame Format

• The Token
Ring SNAP
frame format
expands the
standard
802.2 LLC
layer by
adding an
Organization
Code field
and an Ether
Type field

Chapter 3 43
3

Token Ring SNAP Frame Format

Organization Code Field


• This 3-byte field identifies the organization that
assigned the Ethernet type number used in the
Ether Type field that follows

Ether Type Field


• The 2-byte Ether Type field indicates the network
protocol that is using this Ethernet SNAP frame
format

Chapter 3 44
3
Hardware Addresses
in the IP Environment
• IP addresses are used to identify individual IP
hosts on a TCP/IP internetwork
• TCP/IP networking uses ARP to determine the
hardware address of the local target for the
packet
• IP hosts maintain an ARP cache—a table of
hardware addresses learned through the ARP
process—in memory
• ARP is used only to find the hardware address of
local IP hosts

Chapter 3 45
3
ARP Broadcasts
Identify the Source
and the Desired IP Address

Chapter 3 46
3
Hardware Addresses
in the IP Environment
• If the IP destination is remote (on another
network), the IP host must refer to its routing
tables to determine the proper router for the
packet
• This is referred to as the route resolution
process
• ARP is not routable
• ARP can also be used to test for a duplicate IP
address on the network

Chapter 3 47
3

ARP Frame Structure

Chapter 3 48
3

ARP Duplicate IP Address Test

Chapter 3 49
3

ARP Packet Fields and Functions

• By default, Windows 2000 uses the Ethernet II


frame type for all ARP traffic

• There are two basic ARP packets—the ARP


request packet and the ARP reply packet

• The most confusing part of ARP is the


interpretation of the sender and target address
information

• Figure 3-11 shows the ARP reply packet

Chapter 3 50
3

ARP Request for IP Host 10.1.0.99

Chapter 3 51
3
ARP Reply Packet Is
a Unicast Packet

Chapter 3 52
3

Hardware Type Field

• This field defines the hardware or data link

type in use, is also used to determine the

hardware address length, which makes

the Length of Hardware Address field

redundant

Chapter 3 53
3

Protocol Type Field

• This field defines the protocol address type in use, and uses the
standard protocol ID values that are also used in the Ethernet II
frame structures

Chapter 3 54
3

Length of Hardware Address Field

• This field defines the length (in bytes) of


the hardware addresses used in this
packet

Chapter 3 55
3

Length of Protocol Address Field

• This field indicates the length (in bytes) of


the protocol (network) addresses used in
this packet

• This field is redundant because the


Protocol Type field also determines this
value

Chapter 3 56
3

Opcode Field

• This field defines whether this ARP packet is a


request or reply packet, and defines the type of
address resolution taking place

Chapter 3 57
3

Sender’s Hardware Address Field

• This field indicates the hardware address


of the IP host that sends this request or
reply

Chapter 3 58
3

Sender’s Protocol Address Field

• This field indicates the protocol, or

network, address of the IP host that sends

this request or reply

Chapter 3 59
3

Target Hardware Address Field

• This field indicates the desired target’s hardware


address, if known
• In ARP replies, this field should contain one of
the following:
– The hardware address of the desired IP host if the
sender and destination share a common data link
– The hardware address of the next router in the path to
the destination if they don’t share a common data link.
This is known as the next-hop router to that IP host, in
which that device will be the first of one or more routers
that will convey the data from sender to receiver

Chapter 3 60
3

Target Protocol Address Field

• This field indicates the desired target’s

protocol, or network, address

Chapter 3 61
3

ARP Cache

• ARP information (hardware addresses and their


associated IP addresses) is kept in an ARP cache in
memory on most operating systems, including Linux,
BSD, UNIX, Windows 95, Windows 98, Windows NT, and
Windows 2000

Chapter 3 62
3

ARP Cache

• Windows-based systems also have a utility you


can use to view your IP and hardware addresses
• You can use the Windows utility WINIPCFG on
Windows 95 systems
• You can use the command-line utility IPCONFIG
on Windows 98 and Windows 2000 systems
• The IPCONFIG utility also indicates that the
default gateway is 10.2.0.99
• On a Windows 2000 system, ARP cache entries
are kept in memory for 120 seconds

Chapter 3 63
3
IPCONFIG Utility
Indicates the Device’s IP and
Hardware Addresses

Chapter 3 64
3

ArpCacheLife Registry Setting

Chapter 3 65
3

Proxy ARP

• Proxy ARP is a method that allows an IP


host to use a simplified subnetting design

• Proxy ARP also enables a router to “ARP”


in response to an IP host’s ARP
broadcasts

Chapter 3 66
3

ARP Proxy Network Design

Chapter 3 67
3

Reverse ARP (RARP)

• Reverse ARP is, as its name implies, the


reverse of ARP

• RARP was initially defined to enable


diskless workstations to find their own IP
addresses

Chapter 3 68
3

Network Layer Protocols

• The primary function of Network layer protocols is to


move datagrams through an internetwork connected by
routers
• Network layer communications are end-to-end
communications that define the originator as the source
Network layer address, and the target as the destination
Network layer address
• Internet Protocol is the Network layer protocol used in
the TCP/IP suite
• IP version 4 (IPv4) is widely implemented
• Internet Protocol version 6 (IPv6) is undergoing some
initial implementations

Chapter 3 69
3

About Internet Protocol (IP)

• We examine how an IP datagram is


formed, how an IP host learns whether the
destination is local or remote, how
packets are fragmented and reassembled,
as well as the details of IP packet
structures

Chapter 3 70
3

Sending IP Datagrams

• IP offers connectionless service with end-to-end


Network layer addressing
• Building an IP datagram packet to send on the
wire has certain requirements
• We must know the:
– IP addresses of the source and destination
– Hardware address of the source and next-hop router
• Your system needs to resolve the name fred to an
IP address
• This is called the name resolution process
Chapter 3 71
3
Data Link Header Is
Stripped Off and Reapplied by the IP
Router as the Packet Is Forwarded

Chapter 3 72
3

Route Resolution Process

• The route resolutions process enables an


IP host to determine if the desired
destination is local or remote

Chapter 3 73
3

Local or Remote Destination?

• Upon determination of the IP address of


the desired destination, the IP host
compares the network portion of the
destination address to its own local
network address

Chapter 3 74
3

If Remote, Which Router?

• Now that the local IP host knows that the


destination is remote, the IP host must determine
the hardware address of the appropriate router
for the packet
• The IP host looks in its local routing tables to
determine if it has a host entry or network router
entry for the target
• If neither a host entry nor network entry is listed,
the IP host checks for a default gateway entry

Chapter 3 75
3

If Remote, Which Router?

• The default gateway offers a path of blind faith


—because the IP host does not have a route to
the destination, it sends the packet to the
default gateway, and just hopes the default
gateway can figure out what to do with the
packet

• If IP hosts cannot communicate with each


other, you can use a protocol analyzer to
determine what went wrong

Chapter 3 76
3

If Remote, Which Router?

• Perhaps one of the following faults occurred:


– The IP host can ARP only for IP hosts that are local—
perhaps the actual destination is remote (check the
source subnet mask and the destination’s IP address)
– Perhaps the destination is local, but not replying to the
ARP because it is not completely functional (a duplicate
IP address was detected, or the destination is simply
down)
– Maybe the IP address the source received from a name
resolution process, such as DNS, is incorrect

Chapter 3 77
3
Sample of an
ARP Failure Due to
a Discomfiture Network Mask

Chapter 3 78
3

If Remote, Which Router?

• It is time to examine the following unique


characteristics of IP communications:

– Lifetime of an IP datagram

– Fragmentation and reassembly

– Service delivery options

– IP header fields and functions

Chapter 3 79
3

Lifetime of an IP Datagram

• All IP packets have a predefined lifetime indicated


in each packet’s Time to Live (TTL) field
• This ensures that packets cannot indefinitely
circle a looped internetwork
• The recommended starting TTL value is 64
• The default TTL in Windows 2000 is 128
• If a packet with TTL=1 arrives at a router, the
router must discard the packet because it cannot
decrement the TTL to zero and forward the packet

Chapter 3 80
3

Lifetime of an IP Datagram

• If a packet with TTL=1 arrives at a host, what should the host do?
• Process the packet, of course
• The hosts do not need to decrement the TTL value upon receipt
• TRACEROUTE uses the TTL value and the timeout process to
trace the end-to-end path through an internetwork

Chapter 3 81
3

Fragmentation and Reassembly

• IP fragmentation enables a larger packet to be


automatically fragmented by a router into smaller
packets to cross a link that supports a smaller
MTU, such as Ethernet link
• Once fragmented, no reassembly occurs until
those fragments arrive at the destination, where
they will be reassembled at the Transport layer
• When the first fragment arrives at the destination,
however, the destination host begins counting
down from the TTL value of that packet
Chapter 3 82
3

Fragmentation and Reassembly

• Figure 3-17
through
3-19 show
the first,
middle, and
last
fragments
of a
fragment
set
Chapter 3 83
3
Second Packet of a
Fragment Set (More to Come Bit Is Set to
1 and the Offset Is 185 [1480 bytes])

Chapter 3 84
3

Fragmentation and Reassembly

• When the fragments


arrive at the destination
IP host, they are put
back in order based on
the Fragment Offset
value contained in the
IP header
• On a network that is low
on available bandwidth,
the fragment
retransmission process
causes more traffic on
the wire

Chapter 3 85
3

Service Delivery Options

• IP supports a method for defining packet


priority and route priority

• The Type of Service (TOS) field in the IP


header section is separated into two
distinct fields:
– Precedence

– Type of Service

Chapter 3 86
3

Precedence

• A router uses precedence to determine what


packet to send when several packets are
queued for transmission from a single-output
interface

• One example of precedence use is Voice over


IP (VoIP)

• The precedence for VoIP traffic may be set to


five to support VoIP real-time functionality
Chapter 3 87
3

Type of Service (TOS)

• Routers use TOS to select a routing path


when there are multiple paths available

• OSPF and Border Gateway Protocol (BGP)


are two examples of routing protocols that
support multiple types of services

Chapter 3 88
3

Type of Service (TOS)

Chapter 3 89
3

Type of Serviced Functionality

Chapter 3 90
3

Type of Serviced Functionality

Chapter 3 91
3

IP Header Fields and Functions

• Figure 3-20 depicts the entire IP header structure

Chapter 3 92
3

Version Field

• The first field in the IP header is the

Version field

• We are currently at version 4

Chapter 3 93
3

Header Length Field

• This field is also referred to as the Internet


Header Length (IHL) field

• This field denotes the length of the IP


header only

• This field value is provided in multiples of


four bytes

Chapter 3 94
3

Type of Service Field

• The TOS field actually has two components: precedence


and Type of Service
• Precedence is defined in the first three bits, and may be
used by routers to prioritize traffic that goes through
router queues

Chapter 3 95
3

Type of Service Field

Chapter 3 96
3

Type of Service Bit Settings

Chapter 3 97
3

Total Length Field

• This field
defines the
length of the IP
header and
any valid data
(does not
include any
data link
padding)
• In the example
shown in
Figure 3-22,
the total length
is 213 bytes

Chapter 3 98
3

Identification Field

• Each individual packet is given a unique


ID value when it is sent

• If the packet must be fragmented to fit on


a network that supports a smaller packet
size, the same ID number is placed in each
fragment
Chapter 3 99
3

Flags Field

• The Flags field is actually three bits long;


the bit value assignments are shown in
Table 3-14

Chapter 3 100
3

Fragment Offset Field

• If the packet is a fragment, this field


shows where to place this packet’s data
when the fragments are reassembled into
a single packet (at the destination IP host)

Chapter 3 101
3

Time to Live (TTL) Field

• This field denotes the remaining lifetime


(defined as seconds, but implemented as
hops through routers) of the packet

• Typical starting TTL values are 32, 64, and


128

Chapter 3 102
3

Protocol Field

• Headers should have some field that defines what


is coming up next

Chapter 3 103
3

Header Checksum Field

• The IP Header Checksum field provides error


detection on the contents of the IP header only
—it does not cover other contents of the
packet, nor does it include the Checksum field
itself in the calculation

• This is an error-detection mechanism in


addition to the data link error-detection
mechanism (such as the Ethernet CRC)

Chapter 3 104
3

Source Address Field

• This is the IP address of the IP host that


sent the packet

Chapter 3 105
3

Destination Address

• This field can include a unicast, multicast,


or broadcast address

• This is the final destination of the packet

Chapter 3 106
3

Options Fields

• The IP header can be extended by several options (although these


options are not often used)
• If the header is extended with options, those options must end on
a 4-byte boundary because the Internet Header Length (IHL) field
defines the header length in 4-byte boundaries

Chapter 3 107
3

Summary

• Because they manage access to the networking


medium, data link protocols also manage the
transfer of datagrams across the network
• When WAN protocols, such as SLIP or PPP, come
into play, it’s possible to use analog phone lines,
digital technologies that include ISDN, DSL, or T-
carrier connections, or switched technologies,
such as X.25, frame relay, or ATM, to establish
links that can carry IP and other datagrams from
a sender to a receiver

Chapter 3 108
3

Summary

• Ethernet II frames are the most common frame type on


LANs, but a variety of other frame types exist that
carry TCP/IP over Ethernet or token ring networks

• Understanding frame layouts is crucial for proper


handling of their contents, regardless of the type of
frame in use

• At the lower level of detail, it’s important to


understand the difference in field layouts and
meanings when comparing various frame types for
any particular network medium

Chapter 3 109
3

Summary

• Because hardware or MAC layer addresses are so


important when identifying individual hosts on any
TCP/IP network segment, it’s imperative to understand
how TCP/IP manages the translation between MAC
layer addresses and numeric IP addresses
• Understanding ARP packet fields greatly helps to
illuminate the address resolution process, particularly
the use of the “all-zeroes” address in the Target
Hardware Address field to indicate that a value is
needed

Chapter 3 110
3

Summary

• A more advanced mechanism called proxy


ARP permits a router to interconnect multiple
network segments and make them behave
like a single network segment

• Network layer protocols make their way to the


Data Link layer through a process known as
data encapsulation
Chapter 3 111
3

Summary

• When a frame must travel from one network


segment to another, a process to resolve its route
must occur

• Other important characteristics of IP datagrams


include: Time to Live (TTL) values, which prevent
stale frames from persisting indefinitely on a
network; fragmentation of incoming frames when
the next link on a route uses a smaller MTU than
the incoming link

Chapter 3 112