The Network Layer: Data Plane (Chapter 4) PDF

Summary

This chapter details the network layer, specifically focusing on the data plane. It explains forwarding and routing functions, and how the data plane operates in a network. The content touches on traditional forwarding strategies, generalized forwarding, IPv4 and IPv6 protocols, and the control plane.

Full Transcript

CHAPTER 4
The Network
Layer: Data
Plane
We learned in the previous chapter that the transport layer provides various forms
of process-to-process communication by relying on the network layer’s host-to-host
communication service. We also learned that the transport layer does so without any
knowledge about how the network layer actually implements this service. So perhaps
you’re now wondering, what’s under the hood of the host-to-host communication
service, what makes it tick?
In this chapter and the next, we’ll learn exactly how the network layer can pro-
vide its host-to-host communication service. We’ll see that unlike the transport and
application layers, there is a piece of the network layer in each and every host and
router in the network. Because of this, network-layer protocols are among the most
challenging (and therefore among the most interesting!) in the protocol stack.
Since the network layer is arguably the most complex layer in the protocol
stack, we’ll have a lot of ground to cover here. Indeed, there is so much to cover
that we cover the network layer in two chapters. We’ll see that the network layer
can be decomposed into two interacting parts, the data plane and the control plane.
In Chapter 4, we’ll first cover the data plane functions of the network layer—the
per-router functions in the network layer that determine how a datagram (that is, a
network-layer packet) arriving on one of a router’s input links is forwarded to one
of that router’s output links. We’ll cover both traditional IP forwarding (where for-
warding is based on a datagram’s destination address) and generalized forwarding
(where forwarding and other functions may be performed using values in several
different fields in the datagram’s header). We’ll study the IPv4 and IPv6 protocols
and addressing in detail. In Chapter 5, we’ll cover the control plane functions of
the network layer—the network-wide logic that controls how a datagram is routed
333
333

M04_KURO5469_08_GE_C04.indd 333 08/05/2021 14:06
 334 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

among routers along an end-to-end path from the source host to the destination host.
We’ll cover routing algorithms, as well as routing protocols, such as OSPF and BGP,
that are in widespread use in today’s Internet. Traditionally, these control-plane rout-
ing protocols and data-plane forwarding functions have been implemented together,
monolithically, within a router. Software-defined networking (SDN) explicitly sepa-
rates the data plane and control plane by implementing these control plane functions
as a separate service, typically in a remote “controller.” We’ll also cover SDN con-
trollers in Chapter 5.
This distinction between data-plane and control-plane functions in the network
layer is an important concept to keep in mind as you learn about the network layer —
it will help structure your thinking about the network layer and reflects a modern
view of the network layer’s role in computer networking.

4.1 Overview of Network Layer
Figure 4.1 shows a simple network with two hosts, H1 and H2, and several routers on
the path between H1 and H2. Let’s suppose that H1 is sending information to H2, and
consider the role of the network layer in these hosts and in the intervening routers. The
network layer in H1 takes segments from the transport layer in H1, encapsulates each
segment into a datagram, and then sends the datagrams to its nearby router, R1. At the
receiving host, H2, the network layer receives the datagrams from its nearby router
R2, extracts the transport-layer segments, and delivers the segments up to the transport
layer at H2. The primary data-plane role of each router is to forward datagrams from
its input links to its output links; the primary role of the network control plane is to
coordinate these local, per-router forwarding actions so that datagrams are ultimately
transferred end-to-end, along paths of routers between source and destination hosts.
Note that the routers in Figure 4.1 are shown with a truncated protocol stack, that is,
with no upper layers above the network layer, because routers do not run application-
and transport-layer protocols such as those we examined in Chapters 2 and 3.

4.1.1 Forwarding and Routing: The Data and
Control Planes
The primary role of the network layer is deceptively simple—to move packets from
a sending host to a receiving host. To do so, two important network-layer functions
can be identified:

Forwarding. When a packet arrives at a router’s input link, the router must move
the packet to the appropriate output link. For example, a packet arriving from
Host H1 to Router R1 in Figure 4.1 must be forwarded to the next router on
a path to H2. As we will see, forwarding is but one function (albeit the most

M04_KURO5469_08_GE_C04.indd 334 08/05/2021 14:06
 4.1 OVERVIEW OF NETWORK LAYER 335

Application
Transport
Network
Link Network
Physical Link
End System H1 Physical

Router R1 Network Network
Network Link Link Router R2
Link Physical Physical Network
Physical Link
Physical

Application
Enterprise Network Transport
Network
Link
Physical
End System H2

Figure 4.1 ♦ The network layer

M04_KURO5469_08_GE_C04.indd 335 08/05/2021 14:06
 336 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

common and important one!) implemented in the data plane. In the more general
case, which we’ll cover in Section 4.4, a packet might also be blocked from exit-
ing a router (for example, if the packet originated at a known malicious sending
host, or if the packet were destined to a forbidden destination host), or might be
duplicated and sent over multiple outgoing links.
Routing. The network layer must determine the route or path taken by packets as
they flow from a sender to a receiver. The algorithms that calculate these paths
are referred to as routing algorithms. A routing algorithm would determine, for
example, the path along which packets flow from H1 to H2 in Figure 4.1. Routing
is implemented in the control plane of the network layer.

The terms forwarding and routing are often used interchangeably by authors dis-
cussing the network layer. We’ll use these terms much more precisely in this book.
Forwarding refers to the router-local action of transferring a packet from an input
link interface to the appropriate output link interface. Forwarding takes place at very
short timescales (typically a few nanoseconds), and thus is typically implemented in
hardware. Routing refers to the network-wide process that determines the end-to-end
paths that packets take from source to destination. Routing takes place on much longer
timescales (typically seconds), and as we will see is often implemented in software.
Using our driving analogy, consider the trip from Pennsylvania to Florida undertaken
by our traveler back in Section 1.3.1. During this trip, our driver passes through many
interchanges en route to Florida. We can think of forwarding as the process of getting
through a single interchange: A car enters the interchange from one road and deter-
mines which road it should take to leave the interchange. We can think of routing as
the process of planning the trip from Pennsylvania to Florida: Before embarking on
the trip, the driver has consulted a map and chosen one of many paths possible, with
each path consisting of a series of road segments connected at interchanges.
A key element in every network router is its forwarding table. A router forwards
a packet by examining the value of one or more fields in the arriving packet’s header,
and then using these header values to index into its forwarding table. The value stored
in the forwarding table entry for those values indicates the outgoing link interface at
that router to which that packet is to be forwarded. For example, in Figure 4.2, a packet
with header field value of 0110 arrives to a router. The router indexes into its forward-
ing table and determines that the output link interface for this packet is interface 2.
The router then internally forwards the packet to interface 2. In Section 4.2, we’ll look
inside a router and examine the forwarding function in much greater detail. Forward-
ing is the key function performed by the data-plane functionality of the network layer.

Control Plane: The Traditional Approach
But now you are undoubtedly wondering how a router’s forwarding tables are con-
figured in the first place. This is a crucial issue, one that exposes the important inter-
play between forwarding (in data plane) and routing (in control plane). As shown

M04_KURO5469_08_GE_C04.indd 336 08/05/2021 14:06
 4.1 OVERVIEW OF NETWORK LAYER 337

Routing
Algorithm
Control plane
Data plane
Local forwarding
table
header output
0100 3
0110 2
0111 2
1001 1

Values in arriving
packet’s header

0110 1
2
3

Figure 4.2 ♦ Routing algorithms determine values in forward tables

in Figure 4.2, the routing algorithm determines the contents of the routers’ forward-
ing tables. In this example, a routing algorithm runs in each and every router and
both forwarding and routing functions are contained within a router. As we’ll see in
Sections 5.3 and 5.4, the routing algorithm function in one router communicates with
the routing algorithm function in other routers to compute the values for its forward-
ing table. How is this communication performed? By exchanging routing messages
containing routing information according to a routing protocol! We’ll cover routing
algorithms and protocols in Sections 5.2 through 5.4.
The distinct and different purposes of the forwarding and routing functions can
be further illustrated by considering the hypothetical (and unrealistic, but technically
feasible) case of a network in which all forwarding tables are configured directly by
human network operators physically present at the routers. In this case, no routing
protocols would be required! Of course, the human operators would need to interact
with each other to ensure that the forwarding tables were configured in such a way
that packets reached their intended destinations. It’s also likely that human configu-
ration would be more error-prone and much slower to respond to changes in the net-
work topology than a routing protocol. We’re thus fortunate that all networks have
both a forwarding and a routing function!

M04_KURO5469_08_GE_C04.indd 337 08/05/2021 14:06
 338 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

Control Plane: The SDN Approach
The approach to implementing routing functionality shown in Figure 4.2—with each
router having a routing component that communicates with the routing component of
other routers—has been the traditional approach adopted by routing vendors in their
products, at least until recently. Our observation that humans could manually configure
forwarding tables does suggest, however, that there may be other ways for control-
plane functionality to determine the contents of the data-plane forwarding tables.
Figure 4.3 shows an alternative approach in which a physically separate, remote
controller computes and distributes the forwarding tables to be used by each and
every router. Note that the data plane components of Figures 4.2 and 4.3 are identi-
cal. In Figure 4.3; however, control-plane routing functionality is separated from the

Remote Controller

Control plane
Data plane

Local forwarding
table
header output
0100 3
0110 2
0111 2
1001 1

Values in arriving
packet’s header

0110 1
2
3

Figure 4.3 ♦ A remote controller determines and distributes values in
forwarding tables

M04_KURO5469_08_GE_C04.indd 338 08/05/2021 14:06
 4.1 OVERVIEW OF NETWORK LAYER 339

physical router—the routing device performs forwarding only, while the remote con-
troller computes and distributes forwarding tables. The remote controller might be
implemented in a remote data center with high reliability and redundancy, and might
be managed by the ISP or some third party. How might the routers and the remote
controller communicate? By exchanging messages containing forwarding tables and
other pieces of routing information. The control-plane approach shown in Figure 4.3
is at the heart of software-defined networking (SDN), where the network is “soft-
ware-defined” because the controller that computes forwarding tables and interacts
with routers is implemented in software. Increasingly, these software implementa-
tions are also open, that is, similar to Linux OS code, the code is publically available,
allowing ISPs (and networking researchers and students!) to innovate and propose
changes to the software that controls network-layer functionality. We will cover the
SDN control plane in Section 5.5.

4.1.2 Network Service Model
Before delving into the network layer’s data plane, let’s wrap up our introduction
by taking the broader view and consider the different types of service that might be
offered by the network layer. When the transport layer at a sending host transmits a
packet into the network (that is, passes it down to the network layer at the sending
host), can the transport layer rely on the network layer to deliver the packet to the
destination? When multiple packets are sent, will they be delivered to the transport
layer in the receiving host in the order in which they were sent? Will the amount
of time between the sending of two sequential packet transmissions be the same
as the amount of time between their reception? Will the network provide any feed-
back about congestion in the network? The answers to these questions and others
are determined by the service model provided by the network layer. The network
service model defines the characteristics of end-to-end delivery of packets between
sending and receiving hosts.
Let’s now consider some possible services that the network layer could provide.
These services could include:

Guaranteed delivery. This service guarantees that a packet sent by a source host
will eventually arrive at the destination host.
Guaranteed delivery with bounded delay. This service not only guarantees
delivery of the packet, but delivery within a specified host-to-host delay bound
(for example, within 100 msec).
In-order packet delivery. This service guarantees that packets arrive at the desti-
nation in the order that they were sent.
Guaranteed minimal bandwidth. This network-layer service emulates the behav-
ior of a transmission link of a specified bit rate (for example, 1 Mbps) between
sending and receiving hosts. As long as the sending host transmits bits (as part

M04_KURO5469_08_GE_C04.indd 339 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 361

been proposed to replace IPv4, in Section 4.3.4. In between, we’ll primarily cover
Internet addressing—a topic that might seem rather dry and detail-oriented but we’ll
see is crucial to understanding how the Internet’s network layer works. To master IP
addressing is to master the Internet’s network layer itself!

4.3.1 IPv4 Datagram Format
Recall that the Internet’s network-layer packet is referred to as a datagram. We begin
our study of IP with an overview of the syntax and semantics of the IPv4 datagram.
You might be thinking that nothing could be drier than the syntax and semantics of a
packet’s bits. Nevertheless, the datagram plays a central role in the Internet—every
networking student and professional needs to see it, absorb it, and master it. (And
just to see that protocol headers can indeed be fun to study, check out [Pomeranz
2010]). The IPv4 datagram format is shown in Figure 4.17. The key fields in the IPv4
datagram are the following:

Version number. These 4 bits specify the IP protocol version of the datagram.
By looking at the version number, the router can determine how to interpret the
remainder of the IP datagram. Different versions of IP use different datagram
formats. The datagram format for IPv4 is shown in Figure 4.17. The datagram
format for the new version of IP (IPv6) is discussed in Section 4.3.4.
Header length. Because an IPv4 datagram can contain a variable number of
options (which are included in the IPv4 datagram header), these 4 bits are needed

32 bits

Header
Version Type of service Datagram length (bytes)
length

16-bit Identifier Flags 13-bit Fragmentation offset

Upper-layer
Time-to-live Header checksum
protocol

32-bit Source IP address

32-bit Destination IP address

Options (if any)

Data

Figure 4.17 ♦ IPv4 datagram format

M04_KURO5469_08_GE_C04.indd 361 08/05/2021 14:06
 362 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

to determine where in the IP datagram the payload (for example, the transport-
layer segment being encapsulated in this datagram) actually begins. Most IP data-
grams do not contain options, so the typical IP datagram has a 20-byte header.
Type of service. The type of service (TOS) bits were included in the IPv4 header
to allow different types of IP datagrams to be distinguished from each other. For
example, it might be useful to distinguish real-time datagrams (such as those
used by an IP telephony application) from non-real-time traffic (e.g., FTP). The
specific level of service to be provided is a policy issue determined and config-
ured by the network administrator for that router. We also learned in Section 3.7.2
that two of the TOS bits are used for Explicit Congestion Notification.
Datagram length. This is the total length of the IP datagram (header plus data), meas-
ured in bytes. Since this field is 16 bits long, the theoretical maximum size of the IP
datagram is 65,535 bytes. However, datagrams are rarely larger than 1,500 bytes, which
allows an IP datagram to fit in the payload field of a maximally sized Ethernet frame.
Identifier, flags, fragmentation offset. These three fields have to do with so-called
IP fragmentation, when a large IP datagram is broken into several smaller IP data-
grams which are then forwarded independently to the destination, where they are
reassembled before their payload data (see below) is passed up to the transport layer
at the destination host. Interestingly, the new version of IP, IPv6, does not allow for
fragmentation. We’ll not cover fragmentation here; but readers can find a detailed
discussion online, among the “retired” material from earlier versions of this book.
Time-to-live. The time-to-live (TTL) field is included to ensure that datagrams
do not circulate forever (due to, for example, a long-lived routing loop) in the
network. This field is decremented by one each time the datagram is processed by
a router. If the TTL field reaches 0, a router must drop that datagram.
Protocol. This field is typically used only when an IP datagram reaches its final
destination. The value of this field indicates the specific transport-layer protocol
to which the data portion of this IP datagram should be passed. For example, a
value of 6 indicates that the data portion is passed to TCP, while a value of 17 indi-
cates that the data is passed to UDP. For a list of all possible values, see [IANA
Protocol Numbers 2016]. Note that the protocol number in the IP datagram has
a role that is analogous to the role of the port number field in the transport-layer
segment. The protocol number is the glue that binds the network and transport
layers together, whereas the port number is the glue that binds the transport and
application layers together. We’ll see in Chapter 6 that the link-layer frame also
has a special field that binds the link layer to the network layer.
Header checksum. The header checksum aids a router in detecting bit errors in a
received IP datagram. The header checksum is computed by treating each 2!bytes
in the header as a number and summing these numbers using 1s complement arith-
metic. As discussed in Section 3.3, the 1s complement of this sum, known as
the Internet checksum, is stored in the checksum field. A router computes the
header checksum for each received IP datagram and detects an error condition if

M04_KURO5469_08_GE_C04.indd 362 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 363

the checksum carried in the datagram header does not equal the computed check-
sum. Routers typically discard datagrams for which an error has been detected.
Note that the checksum must be recomputed and stored again at each router, since
the TTL field, and possibly the options field as well, will change. An interesting
discussion of fast algorithms for computing the Internet checksum is [RFC 1071].
A question often asked at this point is, why does TCP/IP perform error checking at
both the transport and network layers? There are several reasons for this repetition.
First, note that only the IP header is checksummed at the IP layer, while the TCP/
UDP checksum is computed over the entire TCP/UDP segment. Second, TCP/
UDP and IP do not necessarily both have to belong to the same protocol stack.
TCP can, in principle, run over a different network-layer protocol (for example,
ATM) [Black 1995]) and IP can carry data that will not be passed to TCP/UDP.
Source and destination IP addresses. When a source creates a datagram, it inserts
its IP address into the source IP address field and inserts the address of the ulti-
mate destination into the destination IP address field. Often the source host deter-
mines the destination address via a DNS lookup, as discussed in Chapter 2. We’ll
discuss IP addressing in detail in Section 4.3.2.
Options. The options fields allow an IP header to be extended. Header options
were meant to be used rarely—hence the decision to save overhead by not includ-
ing the information in options fields in every datagram header. However, the
mere existence of options does complicate matters—since datagram headers can
be of variable length, one cannot determine a priori where the data field will start.
Also, since some datagrams may require options processing and others may not,
the amount of time needed to process an IP datagram at a router can vary greatly.
These considerations become particularly important for IP processing in high-
performance routers and hosts. For these reasons and others, IP options were not
included in the IPv6 header, as discussed in Section 4.3.4.
Data (payload). Finally, we come to the last and most important field—the raison
d’etre for the datagram in the first place! In most circumstances, the data field of
the IP datagram contains the transport-layer segment (TCP or UDP) to be deliv-
ered to the destination. However, the data field can carry other types of data, such
as ICMP messages (discussed in Section 5.6).

Note that an IP datagram has a total of 20 bytes of header (assuming no options).
If the datagram carries a TCP segment, then each datagram carries a total of
40 bytes of header (20 bytes of IP header plus 20 bytes of TCP header) along with
the application-layer message.

4.3.2 IPv4 Addressing
We now turn our attention to IPv4 addressing. Although you may be thinking that
addressing must be a straightforward topic, hopefully by the end of this section you’ll
be convinced that Internet addressing is not only a juicy, subtle, and interesting topic

M04_KURO5469_08_GE_C04.indd 363 08/05/2021 14:06
 364 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

but also one that is of central importance to the Internet. An excellent treatment of
IPv4 addressing can be found in the first chapter in [Stewart 1999].
Before discussing IP addressing, however, we’ll need to say a few words about
how hosts and routers are connected into the Internet. A host typically has only a
single link into the network; when IP in the host wants to send a datagram, it does
so over this link. The boundary between the host and the physical link is called
an interface. Now consider a router and its interfaces. Because a router’s job is to
receive a datagram on one link and forward the datagram on some other link, a router
necessarily has two or more links to which it is connected. The boundary between the
router and any one of its links is also called an interface. A router thus has multiple
interfaces, one for each of its links. Because every host and router is capable of send-
ing and receiving IP datagrams, IP requires each host and router interface to have
its own IP address. Thus, an IP address is technically associated with an interface,
rather than with the host or router containing that interface.
Each IP address is 32 bits long (equivalently, 4 bytes), and there are thus a total
of 232 (or approximately 4 billion) possible IP addresses. These addresses are typi-
cally written in so-called dotted-decimal notation, in which each byte of the address
is written in its decimal form and is separated by a period (dot) from other bytes in
the address. For example, consider the IP address 193.32.216.9. The 193 is the deci-
mal equivalent of the first 8 bits of the address; the 32 is the decimal equivalent of
the second 8 bits of the address, and so on. Thus, the address 193.32.216.9 in binary
notation is

11000001 00100000 11011000 00001001

Each interface on every host and router in the global Internet must have an IP address
that is globally unique (except for interfaces behind NATs, as discussed in Section 4.3.3).
These addresses cannot be chosen in a willy-nilly manner, however. A portion of
an interface’s IP address will be determined by the subnet to which it is connected.
Figure 4.18 provides an example of IP addressing and interfaces. In this figure,
one router (with three interfaces) is used to interconnect seven hosts. Take a close
look at the IP addresses assigned to the host and router interfaces, as there are sev-
eral things to notice. The three hosts in the upper-left portion of Figure 4.18, and
the router interface to which they are connected, all have an IP address of the form
223.1.1.xxx. That is, they all have the same leftmost 24 bits in their IP address. These
four interfaces are also interconnected to each other by a network that contains no
routers. This network could be interconnected by an Ethernet LAN, in which case
the interfaces would be interconnected by an Ethernet switch (as we’ll discuss in
Chapter 6), or by a wireless access point (as we’ll discuss in Chapter 7). We’ll repre-
sent this routerless network connecting these hosts as a cloud for now, and dive into
the internals of such networks in Chapters 6 and 7.
In IP terms, this network interconnecting three host interfaces and one router
interface forms a subnet [RFC 950]. (A subnet is also called an IP network or simply

M04_KURO5469_08_GE_C04.indd 364 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 365

223.1.1.1
223.1.1.4 223.1.2.9 223.1.2.1

223.1.3.27

223.1.1.2

223.1.2.2

223.1.1.3

223.1.3.1 223.1.3.2

Figure 4.18 ♦ Interface addresses and subnets

a network in the Internet literature.) IP addressing assigns an address to this subnet:
223.1.1.0/24, where the /24 (“slash-24”) notation, sometimes known as a subnet
mask, indicates that the leftmost 24 bits of the 32-bit quantity define the subnet
address. The 223.1.1.0/24 subnet thus consists of the three host interfaces (223.1.1.1,
223.1.1.2, and 223.1.1.3) and one router interface (223.1.1.4). Any additional hosts
attached to the 223.1.1.0/24 subnet would be required to have an address of the form
223.1.1.xxx. There are two additional subnets shown in Figure 4.18: the 223.1.2.0/24
network and the 223.1.3.0/24 subnet. Figure 4.19 illustrates the three IP subnets pre-
sent in Figure 4.18.
The IP definition of a subnet is not restricted to Ethernet segments that connect
multiple hosts to a router interface. To get some insight here, consider Figure 4.20,
which shows three routers that are interconnected with each other by point-to-point
links. Each router has three interfaces, one for each point-to-point link and one for
the broadcast link that directly connects the router to a pair of hosts. What subnets
are present here? Three subnets, 223.1.1.0/24, 223.1.2.0/24, and 223.1.3.0/24, are
similar to the subnets we encountered in Figure 4.18. But note that there are three
additional subnets in this example as well: one subnet, 223.1.9.0/24, for the inter-
faces that connect routers R1 and R2; another subnet, 223.1.8.0/24, for the interfaces
that connect routers R2 and R3; and a third subnet, 223.1.7.0/24, for the interfaces
that connect routers R3 and R1. For a general interconnected system of routers and
hosts, we can use the following recipe to define the subnets in the system:

M04_KURO5469_08_GE_C04.indd 365 08/05/2021 14:06
 366 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

223.1.1.0/24
223.1.2.0/24

223.1.3.0/24

Figure 4.19 ♦ Subnet addresses

To determine the subnets, detach each interface from its host or router, creating
islands of isolated networks, with interfaces terminating the end points of the
isolated networks. Each of these isolated networks is called a subnet.

If we apply this procedure to the interconnected system in Figure 4.20, we get six
islands or subnets.
From the discussion above, it’s clear that an organization (such as a company or
academic institution) with multiple Ethernet segments and point-to-point links will
have multiple subnets, with all of the devices on a given subnet having the same subnet
address. In principle, the different subnets could have quite different subnet addresses.
In practice, however, their subnet addresses often have much in common. To understand
why, let’s next turn our attention to how addressing is handled in the global Internet.
The Internet’s address assignment strategy is known as Classless Interdomain
Routing (CIDR—pronounced cider) [RFC 4632]. CIDR generalizes the notion of
subnet addressing. As with subnet addressing, the 32-bit IP address is divided into
two parts and again has the dotted-decimal form a.b.c.d/x, where x indicates the
number of bits in the first part of the address.
The x most significant bits of an address of the form a.b.c.d/x constitute the
network portion of the IP address, and are often referred to as the prefix (or network
prefix) of the address. An organization is typically assigned a block of contiguous
addresses, that is, a range of addresses with a common prefix (see the Principles in
Practice feature). In this case, the IP addresses of devices within the organization
will share the common prefix. When we cover the Internet’s BGP routing protocol in

M04_KURO5469_08_GE_C04.indd 366 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 367

223.1.1.1 223.1.1.4

223.1.1.3

223.1.9.2 R1 223.1.7.0

223.1.9.1 223.1.7.1

R2 R3
223.1.8.1 223.1.8.0
223.1.2.6 223.1.3.27

223.1.2.1 223.1.2.2 223.1.3.1 223.1.3.2

Figure 4.20 ♦ Three routers interconnecting six subnets

Section 5.4, we’ll see that only these x leading prefix bits are considered by routers
outside the organization’s network. That is, when a router outside the organization
forwards a datagram whose destination address is inside the organization, only the
leading x bits of the address need be considered. This considerably reduces the size
of the forwarding table in these routers, since a single entry of the form a.b.c.d/x will
be sufficient to forward packets to any destination within the organization.
The remaining 32-x bits of an address can be thought of as distinguishing among the
devices within the organization, all of which have the same network prefix. These are
the bits that will be considered when forwarding packets at routers within the organiza-
tion. These lower-order bits may (or may not) have an additional subnetting structure,
such as that discussed above. For example, suppose the first 21 bits of the CIDRized
address a.b.c.d/21 specify the organization’s network prefix and are common to the IP
addresses of all devices in that organization. The remaining 11 bits then identify the
specific hosts in the organization. The organization’s internal structure might be such
that these 11 rightmost bits are used for subnetting within the organization, as discussed
above. For example, a.b.c.d/24 might refer to a specific subnet within the organization.
Before CIDR was adopted, the network portions of an IP address were constrained
to be 8, 16, or 24 bits in length, an addressing scheme known as classful addressing,

M04_KURO5469_08_GE_C04.indd 367 08/05/2021 14:06
 368 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

since subnets with 8-, 16-, and 24-bit subnet addresses were known as class A, B, and
C networks, respectively. The requirement that the subnet portion of an IP address be
exactly 1, 2, or 3 bytes long turned out to be problematic for supporting the rapidly
growing number of organizations with small and medium-sized subnets. A class C
(/24) subnet could accommodate only up to 28 2 2 5 254 hosts (two of the 28 5 256
addresses are reserved for special use)—too small for many organizations. However, a
class!B (/16) subnet, which supports up to 65,634 hosts, was too large. Under classful
addressing, an organization with, say, 2,000 hosts was typically allocated a class B
(/16) subnet address. This led to a rapid depletion of the class B address space and
poor utilization of the assigned address space. For example, the organization that
used a class B address for its 2,000 hosts was allocated enough of the address space
for up to 65,534 interfaces—leaving more than 63,000 addresses that could not be
used by other organizations.

PRINCIPLES IN PRACTICE
This example of an ISP that connects eight organizations to the Internet nicely illustrates how
carefully allocated CIDRized addresses facilitate routing. Suppose, as shown in Figure 4.21,
that the ISP (which we’ll call Fly-By-Night-ISP) advertises to the outside world that it should
be sent any datagrams whose first 20 address bits match 200.23.16.0/20. The rest of
the world need not know that within the address block 200.23.16.0/20 there are in fact
eight other organizations, each with its own subnets. This ability to use a single prefix to
advertise multiple networks is often referred to as address aggregation (also route
aggregation or route summarization).
Address aggregation works extremely well when addresses are allocated in blocks
to ISPs and then from ISPs to client organizations. But what happens when addresses
are not allocated in such a hierarchical manner? What would happen, for example, if
Fly-By-Night-ISP acquires ISPs-R-Us and then has Organization 1 connect to the Internet
through its subsidiary ISPs-R-Us? As shown in Figure 4.21, the subsidiary ISPs-R-Us owns
the address block 199.31.0.0/16, but Organization 1’s IP addresses are unfortunately
outside of this address block. What should be done here? Certainly, Organization 1 could
renumber all of its routers and hosts to have addresses within the ISPs-R-Us address block.
But this is a costly solution, and Organization 1 might well be reassigned to another
subsidiary in the future. The solution typically adopted is for Organization 1 to keep its
IP addresses in 200.23.18.0/23. In this case, as shown in Figure 4.22, Fly-By-Night-ISP
continues to advertise the address block 200.23.16.0/20 and ISPs-R-Us continues to
advertise 199.31.0.0/16. However, ISPs-R-Us now also advertises the block of addresses
for Organization 1, 200.23.18.0/23. When other routers in the larger Internet see the
address blocks 200.23.16.0/20 (from Fly-By-Night-ISP) and 200.23.18.0/23 (from ISPs-
R-Us) and want to route to an address in the block 200.23.18.0/23, they will use longest
prefix matching (see Section 4.2.1), and route toward ISPs-R-Us, as it advertises the long-
est (i.e., most-specific) address prefix that matches the destination address.

M04_KURO5469_08_GE_C04.indd 368 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 369

Organization 0
200.23.16.0/23
“Send me anything
Organization 1 with addresses
beginning
200.23.18.0/23
200.23.16.0/20”
Fly-By-Night-ISP
Organization 2
200.23.20.0/23

Internet

Organization 7
“Send me anything
200.23.30.0/23
with addresses
beginning
199.31.0.0/16”
ISPs-R-Us

Figure 4.21 ♦ Hierarchical addressing and route aggregation

Organization 0
200.23.16.0/23
“Send me anything
Organization 2 with addresses
beginning
200.23.20.0/23
200.23.16.0/20”
Fly-By-Night-ISP
Organization 7
200.23.30.0/23

“Send me anything
with addresses Internet
Organization 1 beginning
199.31.0.0/16 or
200.23.18.0/23 200.23.18.0/23”
ISPs-R-Us

Figure 4.22 ♦ ISPs-R-Us has a more specific route to Organization 1

M04_KURO5469_08_GE_C04.indd 369 08/05/2021 14:06
 370 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

We would be remiss if we did not mention yet another type of IP address, the IP
broadcast address 255.255.255.255. When a host sends a datagram with destination
address 255.255.255.255, the message is delivered to all hosts on the same subnet.
Routers optionally forward the message into neighboring subnets as well (although
they usually don’t).
Having now studied IP addressing in detail, we need to know how hosts and
subnets get their addresses in the first place. Let’s begin by looking at how an
organization gets a block of addresses for its devices, and then look at how a
device (such as a host) is assigned an address from within the organization’s block
of addresses.

Obtaining a Block of Addresses
In order to obtain a block of IP addresses for use within an organization’s subnet,
a network administrator might first contact its ISP, which would provide addresses
from a larger block of addresses that had already been allocated to the ISP. For
example, the ISP may itself have been allocated the address block 200.23.16.0/20.
The ISP, in turn, could divide its address block into eight equal-sized contiguous
address blocks and give one of these address blocks out to each of up to eight organi-
zations that are supported by this ISP, as shown below. (We have underlined the
subnet part of these addresses for your convenience.)

ISP’s block: 200.23.16.0/20 11001000 00010111 00010000 00000000
Organization 0 200.23.16.0/23 11001000 00010111 00010000 00000000
Organization 1 200.23.18.0/23 11001000 00010111 00010010 00000000
Organization 2 200.23.20.0/23 11001000 00010111 00010100 00000000
!!!!…!! …!!!!!!!!!!!!!!!!!!!! !!!…
Organization 7 200.23.30.0/23 11001000 00010111 00011110 00000000

While obtaining a set of addresses from an ISP is one way to get a block of
addresses, it is not the only way. Clearly, there must also be a way for the ISP itself
to get a block of addresses. Is there a global authority that has ultimate responsibility
for managing the IP address space and allocating address blocks to ISPs and other
organizations? Indeed there is! IP addresses are managed under the authority of the
Internet Corporation for Assigned Names and Numbers (ICANN) [ICANN 2020],
based on guidelines set forth in [RFC 7020]. The role of the nonprofit ICANN organ-
ization is not only to allocate IP addresses, but also to manage the DNS root servers.
It also has the very contentious job of assigning domain names and resolving domain
name disputes. The ICANN allocates addresses to regional Internet registries (for
example, ARIN, RIPE, APNIC, and LACNIC, which together form the Address

M04_KURO5469_08_GE_C04.indd 370 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 371

Supporting Organization of ICANN [ASO-ICANN 2020]), and handle the alloca-
tion/management of addresses within their regions.

Obtaining a Host Address: The Dynamic Host Configuration Protocol
Once an organization has obtained a block of addresses, it can assign individual
IP addresses to the host and router interfaces in its organization. A system admin-
istrator will typically manually configure the IP addresses into the router (often
remotely, with a network management tool). Host addresses can also be config-
ured manually, but typically this is done using the Dynamic Host Configuration
Protocol (DHCP) [RFC 2131]. DHCP allows a host to obtain (be allocated) an
IP address automatically. A network administrator can configure DHCP so that a
given host receives the same IP address each time it connects to the network, or a
host may be assigned a temporary IP address that will be different each time the
host connects to the network. In addition to host IP address assignment, DHCP also
allows a host to learn additional information, such as its subnet mask, the address
of its first-hop router (often called the default gateway), and the address of its local
DNS server.
Because of DHCP’s ability to automate the network-related aspects of connect-
ing a host into a network, it is often referred to as a plug-and-play or zeroconf
(zero-configuration) protocol. This capability makes it very attractive to the network
administrator who would otherwise have to perform these tasks manually! DHCP
is also enjoying widespread use in residential Internet access networks, enterprise
networks, and in wireless LANs, where hosts join and leave the network frequently.
Consider, for example, the student who carries a laptop from a dormitory room to
a library to a classroom. It is likely that in each location, the student will be con-
necting into a new subnet and hence will need a new IP address at each location.
DHCP is ideally suited to this situation, as there are many users coming and going,
and addresses are needed for only a limited amount of time. The value of DHCP’s
plug-and-play capability is clear, since it’s unimaginable that a system administrator
would be able to reconfigure laptops at each location, and few students (except those
taking a computer networking class!) would have the expertise to configure their
laptops manually.
DHCP is a client-server protocol. A client is typically a newly arriving host
wanting to obtain network configuration information, including an IP address for
itself. In the simplest case, each subnet (in the addressing sense of Figure 4.20) will
have a DHCP server. If no server is present on the subnet, a DHCP relay agent (typi-
cally a router) that knows the address of a DHCP server for that network is needed.
Figure 4.23 shows a DHCP server attached to subnet 223.1.2/24, with the router
serving as the relay agent for arriving clients attached to subnets 223.1.1/24 and
223.1.3/24. In our discussion below, we’ll assume that a DHCP server is available
on the subnet.

M04_KURO5469_08_GE_C04.indd 371 08/05/2021 14:06
 372 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

DHCP
server

223.1.2.5

223.1.1.1
223.1.1.4 223.1.2.9
223.1.2.1

223.1.3.27

223.1.1.2
Arriving
DHCP
client
223.1.2.2

223.1.1.3

223.1.3.1 223.1.3.2

Figure 4.23 ♦ DHCP client and server

For a newly arriving host, the DHCP protocol is a four-step process, as shown in
Figure 4.24 for the network setting shown in Figure 4.23. In this figure, yiaddr (as
in “your Internet address”) indicates the address being allocated to the newly arriving
client. The four steps are:

DHCP server discovery. The first task of a newly arriving host is to find a DHCP
server with which to interact. This is done using a DHCP discover message,
which a client sends within a UDP packet to port 67. The UDP packet is encap-
sulated in an IP datagram. But to whom should this datagram be sent? The host
doesn’t even know the IP address of the network to which it is attaching, much
less the address of a DHCP server for this network. Given this, the DHCP client
creates an IP datagram containing its DHCP discover message along with the
broadcast destination IP address of 255.255.255.255 and a “this host” source IP
address of 0.0.0.0. The DHCP client passes the IP datagram to the link layer,
which then broadcasts this frame to all nodes attached to the subnet (we will cover
the details of link-layer broadcasting in Section 6.4).
DHCP server offer(s). A DHCP server receiving a DHCP discover message
responds to the client with a DHCP offer message that is broadcast to all

M04_KURO5469_08_GE_C04.indd 372 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 373

DHCP server: Arriving client
223.1.2.5

DHCP discover
src: 0.0.0.0, 68
dest: 255.255.255.255,67
DHCPDISCOVER
yiaddr: 0.0.0.0
transaction ID: 654 DHCP offer
src: 223.1.2.5, 67
dest: 255.255.255.255,68
DHCPOFFER
yiaddrr: 223.1.2.4
transaction ID: 654
DHCP server ID: 223.1.2.5
DHCP request Lifetime: 3600 secs
src: 0.0.0.0, 68
dest: 255.255.255.255, 67
DHCPREQUEST
yiaddrr: 223.1.2.4
transaction ID: 655
DHCP server ID: 223.1.2.5
Lifetime: 3600 secs
DHCP ACK
src: 223.1.2.5, 67
dest: 255.255.255.255,68
DHCPACK
yiaddrr: 223.1.2.4
transaction ID: 655
DHCP server ID: 223.1.2.5
Lifetime: 3600 secs

Time Time

Figure 4.24 ♦ DHCP client-server interaction

nodes on the subnet, again using the IP broadcast address of 255.255.255.255.
(You might want to think about why this server reply must also be broadcast).
Since several DHCP servers can be present on the subnet, the client may find
itself in the enviable position of being able to choose from among several
offers. Each server offer message contains the transaction ID of the received
discover message, the proposed IP address for the client, the network mask,
and an IP address lease time—the amount of time for which the IP address
will be valid. It is common for the server to set the lease time to several hours
or days [Droms 2002].

M04_KURO5469_08_GE_C04.indd 373 08/05/2021 14:06
 374 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

DHCP request. The newly arriving client will choose from among one or more
server offers and respond to its selected offer with a DHCP request message,
echoing back the configuration parameters.
DHCP ACK. The server responds to the DHCP request message with a DHCP
ACK message, confirming the requested parameters.

Once the client receives the DHCP ACK, the interaction is complete and the
client can use the DHCP-allocated IP address for the lease duration. Since a client
may want to use its address beyond the lease’s expiration, DHCP also provides a
mechanism that allows a client to renew its lease on an IP address.
From a mobility aspect, DHCP does have one very significant shortcoming.
Since a new IP address is obtained from DHCP each time a node connects to a
new subnet, a TCP connection to a remote application cannot be maintained as a
mobile node moves between subnets. In Chapter 7, we will learn how mobile cel-
lular networks allow a host to retain its IP address and ongoing TCP connections as
it moves between base stations in a provider’s cellular network. Additional details
about DHCP can be found in [Droms 2002] and [dhc 2020]. An open source refer-
ence implementation of DHCP is available from the Internet Systems Consortium
[ISC 2020].

4.3.3 Network Address Translation (NAT)
Given our discussion about Internet addresses and the IPv4 datagram format,
we’re now well aware that every IP-capable device needs an IP address. With the
proliferation of small office, home office (SOHO) subnets, this would seem to imply
that whenever a SOHO wants to install a LAN to connect multiple machines, a range
of addresses would need to be allocated by the ISP to cover all of the SOHO’s IP
devices (including phones, tablets, gaming devices, IP TVs, printers and more).
If the subnet grew bigger, a larger block of addresses would have to be allocated.
But what if the ISP had already allocated the contiguous portions of the SOHO
network’s current address range? And what typical homeowner wants (or should
need) to know how to manage IP addresses in the first place? Fortunately, there
is a simpler approach to address allocation that has found increasingly widespread
use in such scenarios: network address translation (NAT) [RFC 2663; RFC 3022;
Huston 2004, Zhang 2007; Huston 2017].
Figure 4.25 shows the operation of a NAT-enabled router. The NAT-enabled
router, residing in the home, has an interface that is part of the home network on
the right of Figure 4.25. Addressing within the home network is exactly as we
have seen above—all four interfaces in the home network have the same subnet
address of 10.0.0.0/24. The address space 10.0.0.0/8 is one of three portions of
the IP address space that is reserved in [RFC 1918] for a private network or a
realm with private addresses, such as the home network in Figure 4.25. A realm
with private addresses refers to a network whose addresses only have meaning to

M04_KURO5469_08_GE_C04.indd 374 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 375

NAT translation table

WAN side LAN side
138.76.29.7, 5001 10.0.0.1, 3345......

S = 10.0.0.1, 3345
D = 128.119.40.186, 80 10.0.0.1

1
S = 138.76.29.7, 5001
2
D = 128.119.40.186, 80
10.0.0.4 10.0.0.2
138.76.29.7
4
S = 128.119.40.186, 80 3 S = 128.119.40.186, 80
D = 138.76.29.7, 5001 D = 10.0.0.1, 3345
10.0.0.3

Figure 4.25 ♦ Network address translation

devices within that network. To see why this is important, consider the fact that
there are hundreds of thousands of home networks, many using the same address
space, 10.0.0.0/24. Devices within a given home network can send packets to each
other using 10.0.0.0/24 addressing. However, packets forwarded beyond the home
network into the larger global Internet clearly cannot use these addresses (as either
a source or a destination address) because there are hundreds of thousands of net-
works using this block of addresses. That is, the 10.0.0.0/24 addresses can only
have meaning within the given home network. But if private addresses only have
meaning within a given network, how is addressing handled when packets are sent
to or received from the global Internet, where addresses are necessarily unique? The
answer lies in understanding NAT.
The NAT-enabled router does not look like a router to the outside world. Instead
the NAT router behaves to the outside world as a single device with a single IP
address. In Figure 4.25, all traffic leaving the home router for the larger Internet has
a source IP address of 138.76.29.7, and all traffic entering the home router must have a
destination address of 138.76.29.7. In essence, the NAT-enabled router is hiding
the details of the home network from the outside world. (As an aside, you might
wonder where the home network computers get their addresses and where the router
gets its single IP address. Often, the answer is the same—DHCP! The router gets its
address from the ISP’s DHCP server, and the router runs a DHCP server to provide
addresses to computers within the NAT-DHCP-router-controlled home network’s
address space.)

M04_KURO5469_08_GE_C04.indd 375 08/05/2021 14:06
 376 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

If all datagrams arriving at the NAT router from the WAN have the same desti-
nation IP address (specifically, that of the WAN-side interface of the NAT router),
then how does the router know the internal host to which it should forward a given
datagram? The trick is to use a NAT translation table at the NAT router, and to
include port numbers as well as IP addresses in the table entries.
Consider the example in Figure 4.25. Suppose a user sitting in a home net-
work behind host 10.0.0.1 requests a Web page on some Web server (port 80)
with IP address 128.119.40.186. The host 10.0.0.1 assigns the (arbitrary) source
port number 3345 and sends the datagram into the LAN. The NAT router receives
the datagram, generates a new source port number 5001 for the datagram, replaces
the source IP address with its WAN-side IP address 138.76.29.7, and replaces the
original source port number 3345 with the new source port number 5001. When
generating a new source port number, the NAT router can select any source port
number that is not currently in the NAT translation table. (Note that because a port
number field is 16 bits long, the NAT protocol can support over 60,000 simul-
taneous connections with a single WAN-side IP address for the router!) NAT
in the router also adds an entry to its NAT translation table. The Web server,
blissfully unaware that the arriving datagram containing the HTTP request has
been manipulated by the NAT router, responds with a datagram whose destination
address is the IP address of the NAT router, and whose destination port number is
5001. When this datagram arrives at the NAT router, the router indexes the NAT
translation table using the destination IP address and destination port number to
obtain the appropriate IP address (10.0.0.1) and destination port number (3345)
for the browser in the home network. The router then rewrites the datagram’s
destination address and destination port number, and forwards the datagram into
the home network.
NAT has enjoyed widespread deployment in recent years. But NAT is
not without detractors. First, one might argue that, port numbers are meant to
be used for addressing processes, not for addressing hosts. This violation can
indeed cause problems for servers running on the home network, since, as we
have seen in Chapter 2, server processes wait for incoming requests at well-
known port numbers and peers in a P2P protocol need to accept incoming con-
nections when acting as servers. How can one peer connect to another peer that
is behind a NAT server, and has a DHCP-provided NAT address? Technical
solutions to these problems include NAT traversal tools [RFC 5389] [RFC
5389, RFC 5128, Ford 2005].
More “philosophical” arguments have also been raised against NAT by
architectural purists. Here, the concern is that routers are meant to be layer 3
(i.e., network-layer) devices, and should process packets only up to the net-
work layer. NAT violates this principle that hosts should be talking directly
with each other, without interfering nodes modifying IP addresses, much less
port numbers. We’ll return to this debate later in Section 4.5, when we cover
middleboxes.

M04_KURO5469_08_GE_C04.indd 376 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 377

FOCUS ON SECURITY
INSPECTING DATAGRAMS: FIREWALLS AND INTRUSION DETECTION SYSTEMS
Suppose you are assigned the task of administering a home, departmental, university, or
corporate network. Attackers, knowing the IP address range of your network, can easily
send IP datagrams to addresses in your range. These datagrams can do all kinds of
devious things, including mapping your network with ping sweeps and port scans,
crashing vulnerable hosts with malformed packets, scanning for open TCP/UDP ports on
servers in your network, and infecting hosts by including malware in the packets. As the
network administrator, what are you going to do about all those bad guys out there, each
capable of sending malicious packets into your network? Two popular defense mechanisms
to malicious packet attacks are firewalls and intrusion detection systems (IDSs).
As a network administrator, you may first try installing a firewall between your
network and the Internet. (Most access routers today have firewall capability.)
Firewalls inspect the datagram and segment header fields, denying suspicious data-
grams entry into the internal network. For example, a firewall may be configured to
block all ICMP echo request packets (see Section 5.6), thereby preventing an attack-
er from doing a traditional port scan across your IP address range. Firewalls can
also block packets based on source and destination IP addresses and port numbers.
Additionally, firewalls can be configured to track TCP connections, granting entry
only to datagrams that belong to approved connections.
Additional protection can be provided with an IDS. An IDS, typically situated at
the network boundary, performs “deep packet inspection,” examining not only head-
er fields but also the payloads in the datagram (including application-layer data).
An IDS has a database of packet signatures that are known to be part of attacks.
This database is automatically updated as new attacks are discovered. As packets
pass through the IDS, the IDS attempts to match header fields and payloads to the
signatures in its signature database. If such a match is found, an alert is created. An
intrusion prevention system (IPS) is similar to an IDS, except that it actually blocks
packets in addition to creating alerts. We’ll explore firewalls and IDSs in more detail
in Section 4.5 and in again Chapter 8.
Can firewalls and IDSs fully shield your network from all attacks? The answer is
clearly no, as attackers continually find new attacks for which signatures are not yet
available. But firewalls and traditional signature-based IDSs are useful in protecting
your network from known attacks.

4.3.4 IPv6
In the early 1990s, the Internet Engineering Task Force began an effort to develop a
successor to the IPv4 protocol. A prime motivation for this effort was the realization
that the 32-bit IPv4 address space was beginning to be used up, with new subnets

M04_KURO5469_08_GE_C04.indd 377 08/05/2021 14:06
 378 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

and IP nodes being attached to the Internet (and being allocated unique IP addresses)
at a breathtaking rate. To respond to this need for a large IP address space, a new
IP protocol, IPv6, was developed. The designers of IPv6 also took this opportunity
to tweak and augment other aspects of IPv4, based on the accumulated operational
experience with IPv4.
The point in time when IPv4 addresses would be completely allocated (and
hence no new networks could attach to the Internet) was the subject of considerable
debate. The estimates of the two leaders of the IETF’s Address Lifetime Expec-
tations working group were that addresses would become exhausted in 2008 and
2018, respectively [Solensky 1996]. In February 2011, IANA allocated out the last
remaining pool of unassigned IPv4 addresses to a regional registry. While these reg-
istries still have available IPv4 addresses within their pool, once these addresses are
exhausted, there are no more available address blocks that can be allocated from a
central pool [Huston 2011a]. A recent survey of IPv4 address-space exhaustion, and
the steps taken to prolong the life of the address space is [Richter 2015]; a recent
analysis of IPv4 address use is [Huston 2019].
Although the mid-1990s estimates of IPv4 address depletion suggested that a
considerable amount of time might be left until the IPv4 address space was exhausted,
it was realized that considerable time would be needed to deploy a new technology
on such an extensive scale, and so the process to develop IP version 6 (IPv6) [RFC
2460] was begun [RFC 1752]. (An often-asked question is what happened to IPv5?
It was initially envisioned that the ST-2 protocol would become IPv5, but ST-2 was
later dropped.) An excellent source of information about IPv6 is [Huitema 1998].

IPv6 Datagram Format
The format of the IPv6 datagram is shown in Figure 4.26. The most important
changes introduced in IPv6 are evident in the datagram format:

Expanded addressing capabilities. IPv6 increases the size of the IP address from
32 to 128 bits. This ensures that the world won’t run out of IP addresses. Now,
every grain of sand on the planet can be IP-addressable. In addition to unicast and
multicast addresses, IPv6 has introduced a new type of address, called an anycast
address, that allows a datagram to be delivered to any one of a group of hosts.
(This feature could be used, for example, to send an HTTP GET to the nearest of
a number of mirror sites that contain a given document.)
A streamlined 40-byte header. As discussed below, a number of IPv4 fields have
been dropped or made optional. The resulting 40-byte fixed-length header allows
for faster processing of the IP datagram by a router. A new encoding of options
allows for more flexible options processing.
Flow labeling. IPv6 has an elusive definition of a flow. RFC 2460 states that this
allows “labeling of packets belonging to particular flows for which the sender

M04_KURO5469_08_GE_C04.indd 378 08/05/2021 14:06
 4.3 THE INTERNET PROTOCOL (IP): IPV4, ADDRESSING, IPV6, AND MORE 379

32 bits

Version Traffic class Flow label

Payload length Next hdr Hop limit

Source address
(128 bits)

Destination address
(128 bits)

Data

Figure 4.26 ♦ IPv6 datagram format

requests special handling, such as a non-default quality of service or real-time
service.” For example, audio and video transmission might likely be treated as
a flow. On the other hand, the more traditional applications, such as file transfer
and e-mail, might not be treated as flows. It is possible that the traffic carried by a
high-priority user (for example, someone paying for better service for their traffic)
might also be treated as a flow. What is clear, however, is that the designers of
IPv6 foresaw the eventual need to be able to differentiate among the flows, even
if the exact meaning of a flow had yet to be determined.

As noted above, a comparison of Figure 4.26 with Figure 4.17 reveals the sim-
pler, more streamlined structure of the IPv6 datagram. The following fields are
defined in IPv6:

Version. This 4-bit field identifies the IP version number. Not surprisingly, IPv6
carries a value of 6 in this field. Note that putting a 4 in this field does not create
a valid IPv4 datagram. (If it did, life would be a lot simpler—see the discussion
below regarding the transition from IPv4 to IPv6.)
Traffic class. The 8-bit traffic class field, like the TOS field in IPv4, can be used
to give priority to certain datagrams within a flow, or it can be used to give pri-
ority to datagrams from certain applications (for example, voice-over-IP) over
datagrams from other applications (for example, SMTP e-mail).
Flow label. As discussed above, this 20-bit field is used to identify a flow of datagrams.
Payload length. This 16-bit value is treated as an unsigned integer giving the
number of bytes in the IPv6 datagram following the fixed-length, 40-byte data-
gram header.

M04_KURO5469_08_GE_C04.indd 379 08/05/2021 14:06
 380 CHAPTER 4 THE NETWORK LAYER: DATA PLANE

Next header. This field identifies the protocol to which the contents (data field) of
this datagram will be delivered (for example, to TCP or UDP). The field uses the
same values as the protocol field in the IPv4 header.
Hop limit. The contents of this field are decremented by one by each router that
forwards the datagram. If the hop limit count reaches zero, a router must discard
that datagram.
Source and destination addresses. The various formats of the IPv6 128-bit address
are described in RFC 4291.
Data. This is the payload portion of the IPv6 datagram. When the datagram
reaches its destination, the payload will be removed from the IP datagram and
passed on to the protocol specified in the next header field.

The discussion above identified the purpose of the fields that are included in the
IPv6 datagram. Comparing the IPv6 datagram format in Figure 4.26 with the IPv4
datagram format that we saw in Figure 4.17, we notice that several fields appearing
in the IPv4 datagram are no longer present in the IPv6 datagram:

Fragmentation/reassembly. IPv6 does not allow for fragmentation and reassem-
bly at intermediate routers; these operations can be performed only by the source
and destination. If an IPv6 datagram received by a router is too large to be for-
warded over the outgoing link, the router simply drops the datagram and sends a
“Packet Too Big” ICMP error message (see Section 5.6) back to the sender. The
sender can then resend the data, using a smaller IP datagram size. Fragmentation
and reassembly is a time-consuming operation; removing this functionality from
the routers and placing it squarely in the end systems considerably speeds up IP
forwarding within the network.
Header checksum. Because the transport-layer (for example, TCP and UDP) and
link-layer (for example, Ethernet) protocols in the Internet layers perform check-
summing, the designers of IP probably felt that this functionality was sufficiently
redundant in the network layer that it could be removed. Once again, fast pro-
cessing of IP packets was a central concern. Recall from our discussion of IPv4
in Section 4.3.1 that since the IPv4 header contains a TTL field (similar to the
hop limit field in IPv6), the IPv4 header checksum needed to be recomputed at
every router. As with fragmentation and reassembly, this too was a costly opera-
tion in IPv4.
Options. An options field is no longer a part of the standard IP header. How-
ever, it has not gone away. Instead, the options field is one of the possible next
headers pointed to from within the IPv6 header. That is, just as TCP or UDP
protocol headers can be the next header within an IP packet, so too can a