Chapter 1: Network Overview

1 2 3 4 Page 3
Page 3 of 4
  • Version Number (4 bits). Contains the IP version of the packet, which is how gateways along network paths know how to interpret data in the packet. If the version number is incorrect, the packet is silently discarded, which simply means that no error message is sent.
  • Internet Header Length (IHL) (4 bits). Reflects the total length of the IP header built by the sending host. The unit of measure is defined in RFC 791, “Internet Protocol,” as 32-bit words. The minimum value is five.
  • Differentiated Services (6 bits). Populated by the Type of Service parameter in the original specification, which has been updated by RFC 2474, “Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.” A further update, RFC 3168, “The Addition of Explicit Congestion Notification (ECN) to IP,” added Explicit Congestion Notification (ECN), which is the next entry in this list. Differentiated services enable service discrimination by mapping the Differentiated Services Codepoint (DSCP) to a value that changes the treatment of packets by routers in its path. This essentially changes the per hop behavior (PHB).
  • Explicit Congestion Notification (ECN) (2 bits). The bits are used together to indicate any of the following status conditions:
  • 00. Not ECN-Capable Transport (Not-ECT)01. ECN-Capable Transport (ECT 1)10. ECN-Capable Transport (ECT 0). This is the same as ECT 1; implementations may use either.11. Congestion Experienced (CE)Equipment manufacturers slowly adopted ECN, but it is now available in most IP devices as a configuration option. Its main benefit is that routers can actually send notifications of congestion instead of simply dropping packets.
  • Total Length (16 bits).5 Indicates the total length of the datagram, including the header and data; the unit of measure is octets. The length of the data field can be computed by subtracting the Internet header length from this value. A recommendation is given in RFC 791, “Internet Protocol,” that hosts only send datagrams larger than 576 octets if there is assurance that the receiving end can accept large datagrams. The maximum Internet header length is 60 octets, although the most typical size is 20, which leaves ample room for a considerable amount of data. The liability of sending larger datagrams is that fragmentation can occur.
  • Identification (16 bits). Holds an identifying value that is assigned by the sending host. This number is required when reassembling fragmented messages, which ensures that the fragments of one message are not intermixed with other messages.
  • Flags (3 bits). Control flags used by the fragmentation process include the following:
  • Bit position 0 is reserved and must be zero.Bit position 1 indicates either may fragment (0) or don’t fragment (1).Bit position 2 indicates last fragment (0) or more fragments (1).
  • Fragment Offset (13 bits). Indicates where this fragment belongs in the datagram; it is measured in units of 8 octets. This enables IP to reassemble fragmented packets in the proper order.
  • Time to Live (TTL) (8 bits). Also called the hop limit. Generally automatically set by the sender and is decremented by 1 at each hop during its journey to the destination node. If the value reaches zero before the datagram reaches its destination, the datagram, which is probably undeliverable anyway, is discarded. The purpose of the TTL field is to avoid the risk of eternal packets overwhelming the Internet.
  • Protocol (8 bits). Identifies the next level protocol in the data portion of the Internet datagram as specified by the Internet Assigned Numbers Authority (IANA) in coordination with the IETF. A list used to be maintained in an RFC, but that was replaced by an online database at Some examples include the following.
  • DecimalKeywordProtocolReference0HOPOPTIPv6 Hop-by-Hop OptionRFC 18831ICMPInternet Control MessageRFC 7922IGMPInternet Group ManagementRFC 11123GGPGateway-to-GatewayRFC 8234IPIP in IP (encapsulation)RFC 20035STStreamRFC 1190 and RFC 18196TCPTransmission ControlRFC 7937CBTCBTTony Ballardie8EGPExterior Gateway ProtocolRFC888 and David Mills
  • Header Checksum (16 bits). Checksum for the header only. Because of changing header fields, such as the TTL value, the header checksum is recalculated and verified every time the Internet header is processed. The checksum algorithm takes the one’s complement, which negates negative numbers by inverting each bit in the number of the 16-bit sum of all 16-bit words. This is a fast, efficient algorithm, but it misses some unusual corruption circumstances, such as the loss of an entire 16-bit word that contains only 0s. However, because the data checksums used by both TCP and UDP cover the entire packet, these types of errors usually can be caught as the frame is assembled for the network transport.
  • Source IP Address (32 bits). The IP addresses of the sending host.
  • Destination IP Address (32 bits). The IP addresses of the receiving host.
  • Options (variable length). A mandatory implementation for all IP hosts and gateways; transmission of the field is optional. There are two possible use cases:
  • Case 1. One octet as option-type.Case 2. One octet as option-type; one octet as option-length; and a variable amount of option-data octets.The option-type octet has three fields that convey information:One bit for the copied flag (0 = not copied; 1 = copied).Two bits for the option class (0 = control; 1 = future use; 2 = debugging and measurement; 3 = future use).Five bits for the option number.There are seven control class (0) options and one debugging and measurement (2) option, as shown in Table 1-6.Table 1-6 OptionsClassNumberLengthDescription00—End of option list. Occupies one octet and has no length octet.01—No operation. Occupies one octet and has no length octet.0211Security. Carries security, compartmentation,* user group, and handling restriction codes.03VariableLoose source routing. Routes datagrams based on information supplied by the source host. Allowed to use any route or number of intermediate gateways.09VariableStrict source routing. Allows no deviations from the specified route. If the route cannot be followed, the datagram is dropped. Strict routing is frequently used for testing routes, but rarely for transmission of user datagrams. This is because of the increased chances of the datagram being dropped.07VariableRecord route. Used to trace the datagram route.084Stream ID. Carries the stream identifier.24VariableInternet timestamp.*Defined by the Merriam-Webster Online Dictionary as “division into separate sections or units.”
  • Padding (variable bits). Padding of zero values to ensure that the header ends on a 32-bit boundary.



Moving datagrams through the Internet or through an enterprise network requires the use of three important protocol components: name, address, and route. A name describes the target host; an address identifies where the target is located, usually its physical or logical location in a network; and a route shows how to get there.

In many ways, network addresses are analogous to the addresses that the postal service uses to deliver mail. Both have standard addressing conventions that everyone must use; the source and destination is included, although the postal service is flexible in that regard; there are times when the payload they are associated with is lost along the way. Where networks are concerned, topology, which shows computers and the links between them, is the deciding factor for choosing the correct addressing convention. Topologies are formed over one or more of the following network types:

  • Local area network (LAN). A link that operates mainly at the physical and data link layers. Examples of technologies are Ethernet, token ring, and FDDI.
  • Wide area network (WAN). Can include multiple, connected point-to-point links (hops); switched virtual circuits (SVCs), where the communication link is shared by multiple hosts that switch on data transmission and then release the circuit for use by others; permanent virtual circuits (PVCs), where multiple hosts are each assigned and permanently use one logical slice of the same communications link; Integrated Services Digital Network (ISDN), which is a telecommunications technology that carries voice, data, and video; and other physical media types. WAN operates at all TCP/IP and OSI Model layers or a subset thereof. Example technologies are HDLC, synchronous data link control (SDLC), Frame Relay, Asynchronous Transfer Mode (ATM), Frame Relay-to-ATM service interworking; and the Internet.
  • Metropolitan area network (MAN). Extends LAN capabilities to a geographic area that is the size of an average U.S. city. Operates mainly at the physical and data link layers, but with more instances of network layer operations than on most LANs. Examples are Ethernet, token ring, FDDI, and switched multimegabit data service (SMDS). Builders of MANs frequently take advantage of dark fiber, which are fiber-optic transmission facilities that are not in operation and were once installed for future use.
  • Mobile ad-hoc network (MANET). Leverages wireless, satellite, and radio communications to create a network that is literally mobile. Many law enforcement and military applications have this type of network.

Addresses are either physical, which means that they are hard-coded in the equipment, or logical. Because they are not hard-coded, logical addresses can be changed through a software-configuration process. IP uses logical addressing.

Unlike logical addresses, physical addresses cannot be seen beyond the boundary of the connected link. Routing does not occur at this layer because it forwards frames based on Layer 2 header information. One way to view the concept is to compare troubleshooting scenarios for each technology. Analyzing traffic on a Layer 3 link means that there might be multiple hops involved and that the end-to-end path could enter and exit multiple devices; a diagram of each hop, or point, would be labeled point A to point B to point C, and so forth, depending on the number of hops; the same work on a Layer 2 link is limited to point A to point B.

In OSI Model terminology, the physical address is called the Media Access Control (MAC) address. It is a data link layer function, not a physical layer function as the name might imply. The data link layer is subdivided into a logical link control (LLC) sublayer and the MAC sublayer. LLC and MAC addresses are administered under the authority of the IEEE.

The length of the physical address varies according to the networking system, but Ethernet and several others use 48 bits. For communication to occur, two addresses are required: one each for the sending and receiving devices. The IEEE assigns a 24-bit organization unique identifier (OUI) so that organizations can assign the remaining 24 bits to suit their unique needs. Two of the 24 bits assigned as an OUI are control bits. The IEEE Ethernet and allied standards use another address for link service access points (LSAPs), which provide services to Layer 3 protocols.

IP Addresses

TCP/IP within the IPv4 format uses a 32-bit address to identify a machine on a network and the network to which it is attached. IP addresses identify a machine’s connection to the network, not the machine itself. The IP address is the set of numbers that many people see on their workstations, such as, which uniquely identifies the device. When such a device is connected to the Internet, as opposed to a closed enterprise, it is at the bottom of a global hierarchy for address assignments. End users “rent” an IP address from their Internet Service Provider (ISP), who receives address assignments from a global network of authoritative registries, whose protocol-related operations are coordinated by IANA. Registry organizations can be a Local Internet Registry (LIR), Regional Internet Registry (RIR), or National Internet Registry (NIR). The list of current registries and their areas of coverage is as follows:

  • AfriNIC. Africa region.
  • APNIC. Asia/Pacific region.
  • ARIN. North America region.
  • LACNIC. Latin America and certain Caribbean islands.
  • RIPE NCC. Europe, Middle East, and Central Asia.

Of the, two available IP protocol versions—IPv4 and IPv6—IPv4 is by far the most widely used today. It was originally organized into classes:

  • Class A ( to for general use. Class A addresses are for large networks; they use 8 bits for the network ID and 24 bits for the host ID.
  • Class B ( to for general use. Class B addresses are for intermediate networks; they use 16-bit host addresses and 16-bit network addresses.
  • Class C ( to for general use. Class C addresses have only 8 bits for the host address, limiting the number of devices to 256. There are 24 bits for the network address.
  • Class D ( to multicast. Class D is for multicast purposes only; the manner of operation is that each multicast address represents a particular group of hosts. IANA assigns permanent addresses and allocates transient addresses through the network of registries.
  • Class E ( to reserved. Class E addresses have historically been reserved for use by the IETF for experimental purposes, but IANA is currently in the process of changing the designation to private use. At the time of writing, it is unclear what private use means in this context, but it is likely that this is a stopgap measure to avoid running out of addresses while the world waits for IPv6.

Certain blocks of addresses within the available spaces are reserved for private Internets. For example, the Class C range ( to is available and is what many ISP customers see on their computers in their home network.

Classes A, B, and C are most germane to this discussion, particularly as a foundation for understanding Classless Inter-Domain Routing (CIDR), which is discussed at the end of this section. Readers can see that the classful addressing scheme that has served the Internet so well in past decades is virtually slipping away without notice. It is now officially considered as having a “historic” status.

The term classful addressing comes from the fact that a specific number of bits assign an address to a class, and there are different combinations of possible networks and hosts according to each one. The design accommodates the unique networking requirements of organizations by offering options that match their own distributed computing environment. For example, a national sales force with small operations in 1,000 cities needs a lot of network addresses, but few host addresses. That is how it connects teams of only five or six employees to the rest of the company. Centralized business operations, on the other hand, require the opposite—a lot of host addresses and few network addresses. Table 1-7 summarizes classful network addresses for general-purpose classes.

Table 1-7 Classful Network Addressing

Host IDs with all 0s and all 1s cannot be assigned, which reduces the number of possible hosts by two.

Class A network ID numbers 0 and 127 are reserved, so 2 bits are subtracted in calculations.

Because even centralized operations, where most of the company’s workforce is in the same city, might need a campus network, classful addressing can subdivide a single network into several smaller ones, called subnetworks. Subnetting is accomplished by using subnet masks to change the meaning of an IP address. The subnet mask defines the network and host bits in an associated address and is one way to tell, at a glance, which class is in use. Table 1-8 shows the default masks in both dotted-decimal form and their full binary equivalents. It is customary to use a single zero in the dotted-decimal form to represent eight zeros in an octet.

Table 1-8 Subnet Mask translation

A visual inspection of the masks shown here, along with the total network ID bits in Table 1-7, reveals that bit positions populated by ones align with the network ID. The reverse of that is true and is shown in the number of possible hosts. What is not implicit in the visual part of the scheme is the fact that changes to a subnet mask can increase/decrease the number of hosts, but not the possible number of networks.

The following example uses a Class B subnet mask, where

  • n = a decimal position in the network octet
  • x = a decimal position in the host octet

Dotted Decimal BinaryDefault Class B network mask: 1111111.11111111.00000000.00000000 Network and host octets: nnn.nnn.x.x

Modifications to the mask affect the address as follows:

Modified Class B network mask: 11111111.11111111.11100000.00000000 Network, subnet, and host octets: nnn.nnn.x.x 11111111.11111111.00000000.00000000

The network and host octets do not change because this is still a Class B address according to the old classful addressing system. The change must be represented differently:

Address with default Class B mask: <network-number>, <host-number> Address with new subnet mask: <network-number>, <subnet-number>, <host-number>

This form of notation is used in, among other documents, RFC 1812,6 “Requirements for IP Version 4 Routers,” where the rules are laid out for the use of this historical scheme in a CIDR environment. CIDR addressing uses the length/prefix notation for addresses where the prefix represented the number of bits in a subnet mask, but now, it is part of the official convention for addressing. A CIDR address is described as

IP address = <network-prefix>, <host-number>

In router configurations = n.n.0.0/16

This CIDR naming convention looks exactly like what the legacy Class B mask would be if it were written as such, but it is not a Class B address. Subnetting allows users to get more out of their assigned address space within their own network. Devices with Internet connectivity need to use only those addresses that are in the range and assigned by their local registry.

The lengths of each section of the IP address were carefully chosen to provide maximum flexibility in assigning both network and local addresses. The total length is fixed at 32 bits and is divided into four octets according to the notation used to type the address on a keyboard or write it on paper. To put that description in context, here is a basic example of how an IP address translates from four octets—as people see them—to the 1s and 0s that machines can read. This example uses a common internal IP address.

An IP address written as four octets looks like this:

Figure 1-7 shows a way to convert this IP address without a calculator or conversion chart.

Figure 1-7Quick conversion of an IP address from octets to bits

To use this shortcut by hand, write the address’ decimal version on paper and leave room in between each for the values underneath. Because each decimal value represents an octet, 8-bit positions are populated in the next line, as Figure 1-7 shows. The last step is to add whichever numbers from the 8-bit positions equal the decimal value; fill in 1s underneath those values and 0s underneath those that were not used. The result is a 32-bit binary representation of the IP address.

From the IP address, a network can determine if the data will be sent out through a gateway. If the network address is the same as the current address (routing to a local network device, called a direct host), the gateway is avoided, but all other network addresses are routed to a gateway to leave the local network (indirect host). The gateway receiving the data to transmit to another network must then determine the routing from the data’s IP address and an internal table that provides routing information.

1 2 3 4 Page 3
Page 3 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon