Network Layer-I PDF

Summary

These notes provide an introduction to the network layer in computer networks, covering topics such as host-to-host delivery, datagram structure, network-layer services, routing, and forwarding. The document discusses the different types of services provided at the network layer and the important aspects of the network layer's design choices.

Full Transcript

Network Layer-I:
The network layer in the TCP/IP protocol suite is responsible for the
host-to-host
delivery of datagrams. It provides services to the transport layer and
receives services
from the data-link layer.

A datagram is a basic transfer unit associated with a packet-switched
network. Datagrams are typically structured in header and payload
sections. Datagrams provide a connectionless communication service
across a packet-switched network.
NETWORK-LAYER SERVICES
Before discussing the network layer in the Internet today, let’s briefly
discuss the
 Network Layer-I:
The figure shows that the Internet is made of many networks (or links)
connected
through the connecting devices.
In other words, the Internet is an internetwork, a combination of LANs
and WANs.
To better understand the role of the network layer (or the internetwork
layer), we need to think about the connecting devices (routers or
switches) that connect the LANs and WANs.
As the figure shows, the network layer is involved at the source host,
destination host, and all routers in the path (R2, R4, R5, and R7).
At the source host (Alice), the network layer accepts a packet from a
transport layer, encapsulates the packet in a datagram, and delivers the
packet to the data-link layer.
At the destination host (Bob), the datagram is decapsulated, and the
packet is extracted and delivered to the corresponding transport layer.
 Network Layer-I:
Although the source and destination hosts are involved in all five layers of the
TCP/IP suite, the routers use three layers if they are routing packets only;
however, they may need the transport and application layers for control
purposes.
A router in the path is normally shown with two data-link layers and two physical
layers,
because it receives a packet from one network and delivers it to another
network.
Packetizing
The first duty of the network layer is definitely packetizing: encapsulating the
payload (data received from upper layer) in a network-layer packet at the
source and decapsulating the payload from the network-layer packet at the
destination.
The source host receives the payload from an upper-layer protocol, adds a
header
that contains the source and destination addresses and some other information
that is
required by the network-layer protocol (as discussed later) and delivers the
packet to
the data-link layer.
 Network Layer-I:
The source is not allowed to change the content of the payload unless
it is too large for delivery and needs to be fragmented.
The destination host receives the network-layer packet from its data-
link layer, decapsulates the packet, and delivers the payload to the
corresponding upper-layer protocol.
If the packet is fragmented at the source or at routers along the path,
the network layer is responsible for waiting until all fragments arrive,
reassembling them, and delivering them to the upper-layer protocol.
The routers in the path are not allowed to decapsulate the packets
they received unless the packets need to be fragmented.
The routers are not allowed to change source and destination
addresses either.
 Network Layer-I:
Routing and Forwarding
Routing
The network layer is responsible for routing the packet from its source to the
destination.
A physical network is a combination of networks (LANs and WANs) and
routers that connect them.
This means that there is more than one route from the source to the
destination.
The network layer is responsible for finding the best one among these
possible routes.
The network layer needs to have some specific strategies for defining the
best route.
In the Internet today, this is done by running some routing protocols to help
the routers coordinate their knowledge about the neighborhood and to come
up with consistent tables to be used when a packet arrives.
 Network Layer-I:
Forwarding
forwarding can be defined as the action applied by each router when
a packet arrives at one of its interfaces.
The decision-making table a router normally uses for applying this
action is sometimes called the forwarding table and sometimes the
routing table.
When a router receives a packet from one of its attached networks, it
needs to forward the packet to another attached network (in unicast
routing) or to some attached networks (in multicast routing).
To make this decision, the router uses a piece of information in the
packet header, which can be the destination address or a label, to find
the corresponding output interface number in the forwarding table.
Figure 18.2 shows the idea of the forwarding process in a router
 Network Layer-I:
Other Services
Error Control
Although error control also can be implemented in the network layer, the designers of the network
layer in the Internet ignored this issue for the data being carried by the network layer.
One reason for this decision is the fact that the packet in the network layer may be fragmented at
each router, which makes error checking at this layer inefficient.
Flow Control
Flow control regulates the amount of data a source can send without overwhelming the
receiver.
If the upper layer at the source computer produces data faster than the upper layer at the
destination computer can consume it, the receiver will be overwhelmed with data.
To control the flow of data, the receiver needs to send some feedback to the sender to inform the
latter that it is overwhelmed with data.
The network layer in the Internet, however, does not directly provide any flow control.
The datagrams are sent by the sender when they are ready, without any attention to the readiness
of the receiver.
 Network Layer-I:
A few reasons for the lack of flow control in the design of the network
layer can be mentioned.
First, since there is no error control in this layer, the job of the network
layer at the receiver is so simple that it may rarely be overwhelmed.
Second, the upper layers that use the service of the network layer can
implement buffers to receive data from the network layer as they are
ready and do not have to consume the data as fast as it is received.
Third, flow control is provided for most of the upper-layer protocols
that use the services of the network layer, so another level of flow
control makes the network layer more complicated and the whole
system less efficient.
Flow control is design issue at Data Link Layer. It is a technique that
generally observes the proper flow of data from sender to receiver.
 Network Layer-I:
Congestion Control
Another issue in a network-layer protocol is congestion control.
Congestion in the network layer is a situation in which too many
datagrams are present in an area of the
Internet.
Congestion may occur if the number of datagrams sent by source
computers is
beyond the capacity of the network or routers.
In this situation, some routers may drop some of the datagrams.
However, as more datagrams are dropped, the situation may become
worse because, due to the error control mechanism at the upper layers,
the sender may send duplicates of the lost packets.
If the congestion continues, sometimes a situation may reach a point
where the system collapses and no datagrams are delivered.
 Network Layer-I:
The reliance on individual routers to make routing decisions means each
access point on the route must maintain a database of preferable
directions for each ultimate destination.
This disconnected strategy works most of the time. However, one router
cannot know instantly if another router further down the line is overloaded or
defective.
All routers periodically inform their neighboring devices of status conditions.
A problem at one point ripples through to recalculations performed in
neighboring routers.

Sometimes a router will calculate the best path and send a packet down a
blocked route.
By the time the packet approaches that block, the routers closer to the
problem will already know about it and reroute the packet around the
defective neighbor.
That rerouting can overload alternative routers.
 Network Layer-I:
Quality of Service
As the Internet has allowed new applications such as multimedia
communication (in
particular real-time communication of audio and video), the quality of
service (QoS) of
the communication has become more and more important.
The Internet has thrived by providing better quality of service to
support these applications.
However, to keep the network layer untouched, these provisions are
mostly implemented in the upper layer.
 Network Layer-I:
PROVIDING QoS IN THE INTERNET
To support real-time audio and video communications the Internet must
provide some level of end-to-end QoS.
One approach provides differentiated service in the sense that some classes
of traffic are treated preferentially relative to other classes.
Packets are marked at the edge of the network to indicate the type of
treatment that they are to receive in the routers inside the network.
This approach does not provide strict QoS guarantees.
A second approach provides guaranteed service that gives a strict bound on
the end-to-end delay experienced by all packets that belong to a specific
flow.
This approach requires making resource reservations in the routers along the
route followed by the given packet flow.
Weighted fair queueing combined with traffic regulators are needed in the
routers to provide this type of service.
 Network Layer-I:
Security
Another issue related to communication at the network layer is
security.
Security was not a concern when the Internet was originally designed
because it was used by a small number of users at universities for
research activities; other people had no access to the Internet.
The network layer was designed with no security provision.
Today, however, security is a big concern.
To provide security for a connectionless network layer, we need to
have another virtual level that changes the connectionless service to
a connection-oriented service.
This virtual layer, called IPSec.
 Network Layer-I:
PACKET SWITCHING
Switching: process of forwarding packet between devices on a N/W based
on dest addr.
Although in data communication switching techniques are divided into two broad
categories, circuit switching and packet switching, only packet switching is used at
the
network layer because the unit of data at this layer is a packet.
Circuit switching is mostly used at the physical layer; the electrical switch
mentioned earlier is a kind of circuit switch.
At the network layer, a message from the upper layer is divided into manageable
packets and each packet is sent through the network.
The source of the message sends the packets one by one; the destination of the
message receives the packets one by one.
The destination waits for all packets belonging to the same message to arrive before
delivering the message to the upper layer.
 Network Layer-I:
The connecting devices in a packet-switched network still need to
decide how to route the packets to the final destination.
Today, a packet-switched network can use two different approaches to
route the packets: the datagram approach and the virtual circuit
approach.
Datagram Approach: Connectionless Service
When the Internet started, to make it simple, the network layer was
designed to provide a connectionless service in which the network-
layer protocol treats each packet independently, with each packet
having no relationship to any other packet.
The idea was that the network layer is only responsible for delivery of
packets from the source to the destination.
In this approach, the packets in a message may or may not travel the
same path to their destination. Figure 18.3 shows the idea.
 Network Layer-I:
Each packet traveling in the Internet is an independent entity; there is no
relationship between packets belonging to the same message.
The switches in this type of network are called routers.
A packet belonging to a message may be followed by a packet belonging to the
same message or to a different message.
Each packet is routed based on the information contained in its header: source
and
destination addresses.
The destination address defines where it should go; the source address defines
where it comes from.
The router in this case routes the packet based only on the destination address.
The source address may be used to send an error message to the source if the
packet is discarded.
Figure 18.4 shows the forwarding process in a router in this case. We have used
symbolic addresses such as A and B.
 Network Layer-I:
Virtual-Circuit Approach: Connection-Oriented Service
In a connection-oriented service (also called virtual-circuit approach),
there is a relationship between all packets belonging to a message.
Before all datagrams in a message can be sent, a virtual connection
should be set up to define the path for the datagrams.
After connection setup, the datagrams can all follow the same path.
In this type of service, not only must the packet contain the source and
destination addresses, it must also contain a flow label, a virtual circuit
identifier that defines the virtual path the packet should follow.
LABEL refers to a unique identifier associated with particular path or
connection established between the source & destination.
It is used to forward packets along the predefined path within a network.
Use of LABEL makes source & destination addr unnecessary during data
transfer, but part of the packet still using connectionless service and
protocol at this layer is designed with these adrress.
 Network Layer-I:
In this case, the forwarding decision is based on the value of the label,
or virtual circuit identifier, as it is sometimes called.
To create a connection-oriented service, a three-phase process is
used: setup, data
transfer, and teardown.
In the setup phase, the source and destination addresses of the
sender and receiver are used to make table entries for the connection-
oriented service.
In the teardown phase, the source and destination inform the router to
delete the corresponding entries.
Data transfer occurs between these two phases.
 Each packet is forwarded based on the label in the packet.
To follow the idea of connection-oriented design to be used in the
Internet, we assume that the packet has a label when it reaches
the router. Figure 18.6 shows the idea.
In this case, the forwarding decision is based on the value of the
label, or virtual circuit identifier, as it is sometimes called.
To create a connection-oriented service, a three-phase process is
used: setup, data transfer, and teardown.
In the setup phase, the source and destination addresses of the
sender and receiver are used to make table entries for the
connection-oriented service.
In the teardown phase, the source and destination inform the
router to delete the corresponding entries. Data transfer occurs
between these two phases.
 Network Layer-I:
Setup Phase
In the setup phase, a router creates an entry for a virtual circuit. For
example, suppose
source A needs to create a virtual circuit to destination B.
Two auxiliary packets need to be exchanged between the sender and
the receiver: the request packet and the acknowledgment packet.
Request packet
A request packet is sent from the source to the destination. This
auxiliary packet carries
the source and destination addresses. Figure 18.7 shows the process.
 Network Layer-I:
1. Source A sends a request packet to router R1.
2. Router R1 receives the request packet. It knows that a packet going from A to
B
goes out through port 3. How the router has obtained this information is a point
covered later. For the moment, assume that it knows the output port. The router
creates an entry in its table for this virtual circuit, but it is only able to fill three
of
the four columns. The router assigns the incoming port (1) and chooses an
available
incoming label (14) and the outgoing port (3). It does not yet know the outgoing
label, which will be found during the acknowledgment step. The router then
forwards the packet through port 3 to router R3.
3. Router R3 receives the setup request packet. The same events happen here
as at
router R1; three columns of the table are completed: in this case, incoming port
(1),
incoming label (66), and outgoing port (3).
 Network Layer-I:
4. Router R4 receives the setup request packet. Again, three columns are
completed:
incoming port (1), incoming label (22), and outgoing port (4).
5. Destination B receives the setup packet, and if it is ready to receive
packets from
A, it assigns a label to the incoming packets that come from A, in this
case 77, as
shown in Figure 18.8. This label lets the destination know that the
packets come
from A, and not from other sources.
Acknowledgment Packet
A special packet, called the acknowledgment packet, completes the
entries in the
switching tables. Figure 18.8 shows the process.
 Network Layer-I:
1. The destination sends an acknowledgment to router R4. The
acknowledgment carries
the global source and destination addresses so the router knows which entry in
the table is to be completed. The packet also carries label 77, chosen by the
destination
as the incoming label for packets from A. Router R4 uses this label to complete
the outgoing label column for this entry. Note that 77 is the incoming label
for destination B, but the outgoing label for router R4.
2. Router R4 sends an acknowledgment to router R3 that contains its incoming
label
in the table, chosen in the setup phase. Router R3 uses this as the outgoing
label in
the table.
3. Router R3 sends an acknowledgment to router R1 that contains its incoming
label
in the table, chosen in the setup phase. Router R1 uses this as the outgoing
label in
the table.
 Network Layer-I:
4. Finally router R1 sends an acknowledgment to source A that contains its
incoming
label in the table, chosen in the setup phase.
5. The source uses this as the outgoing label for the data packets to be sent to
destination B.
Data-Transfer Phase
The second phase is called the data-transfer phase. After all routers have
created
their forwarding table for a specific virtual circuit, then the network-layer
packets
belonging to one message can be sent one after another.
In Figure 18.9, we show the flow of a single packet, but the process is the same
for 1, 2, or 100 packets.
The source computer uses the label 14, which it has received from router R1 in
the setup
 Network Layer-I:
phase. Router R1 forwards the packet to router R3, but changes the
label to 66.
Router R3 forwards the packet to router R4, but changes the label to
22.
Finally, router R4 delivers the packet to its final destination with the
label 77.
All the packets in the message follow the same sequence of labels,
and the packets arrive in order at the destination.
Teardown Phase
In the teardown phase, source A, after sending all packets to B, sends
a special packet
called a teardown packet. Destination B responds with a confirmation
packet. All routers delete the corresponding entries from their tables.
Comparison
Datagram Approach Virtual Circuit Approach

connectionless Connection oriented

Resources not reserved(on demand),if Resources reserved
resources available it provided to packet
Same route may or may not. Always takes Same route

Only data transfer Set up, data transfer, tear down(delete
path)
Not much costly costly

Not reliable reliable

Forwarding based on dest addr. Forwarding based on flow label
 Network Layer-I:
NETWORK-LAYER PERFORMANCE
The upper-layer protocols that use the service of the network layer expect to receive
an ideal service, but the network layer is not perfect.
The performance of a network can be measured in terms of few attributes i.e. delay,
throughput, and packet loss.
Congestion control is an issue that can improve the performance.
Delay
Delay should be minimum.
Due to certain components in the N/W, Delay will be there to reach packet at
receiver.

All of us expect instantaneous response from a network, but a packet, from its
source to its destination, encounters delays.
The delays in a network can be divided into four types: transmission delay,
propagation delay, processing delay, and queuing delay.
 Network Layer-I:
Transmission Delay:
It is the time taken for packet to travel from sender until reaches to
destination.
A source host or a router cannot send a packet instantaneously.
A sender needs to put the bits in a packet on the line one by one.
Bigger packet means more time needed to place the packet on link.
Sender at which rate transmitting packet on wire(medium) is the
transmission rate.
If the first bit of the packet is put on the line at time t1 and the last bit is put
on the line at time t2, transmission delay of the packet is (t2 − t1).
Definitely, the transmission delay is longer for a longer packet and shorter if
the sender can transmit faster.
In other words, the transmission delay is
Delaytr = (Packet length) / (Transmission rate).
Example:
In a Fast Ethernet LAN with the transmission rate of 100 million bits per
 Network Layer-I:
= 10,000/ 100 x 106
=
0.0001 sec or 100 microseconds
Propagation Delay
It depends on the distance & propagation speed.(depend on medium)
Propagation delay is the time it takes for a bit to travel from point A to point B in
the transmission media.
The propagation delay for a packet-switched network depends on the
propagation delay of each network (LAN or WAN).
The propagation delay depends on the propagation speed of the media, which is
3 × 108 meters/second in a vacuum and normally much less in a wired medium;
it also depends on the distance of the link.
In other words, propagation delay is Delaypg = (Distance) / (Propagation
speed).
Example 2 if the distance of a cable link in a point-to-point WAN is 2000 meters
and the propagation speed of the bits in the cable is 2 × 10 8 meters/second,
then the
propagation delay is
 Network Layer-I:
Delaypg = (Distance) / (Propagation speed).

= 2000 / 2 x 108
= 0.000001 sec or 10 microseconds
Processing Delay
Each component in N/W has to process i.e. packet starts from sender& move towards
receiver in between other devices like router.
Each router has input port & output port.
The processing delay is the time required for a router or a destination host to receive a
packet from its input port, remove the header, perform an error detection procedure, and deliver
the packet to the output port (in the case of a router) or deliver the packet to the upper-layer
protocol (in the case of the destination host).
The processing delay may be different for each packet, but normally is calculated as an average.

Delaypr = Time required to process a packet in a router or a destination host
 Network Layer-I:
Queuing Delay
Queuing delay can normally happen in a router.
As we discuss in the next section, a router has an input queue
connected to each of its input ports to store packets waiting to be
processed; the router also has an output queue connected to each of
its output ports to store packets waiting to be transmitted.
The queuing delay for a packet in a router is measured as the time a
packet waits in the input queue and output queue of a router.
We can compare the situation with a busy airport.
Some planes may need to wait to get the landing band (input delay);
some planes may need to wait to get the departure band (output
delay).
Delayqu = The time a packet waits in input and output queues
in a router
 Network Layer-I:
Total Delay
Assuming equal delays for the sender, routers, and receiver, the total
delay (source-to destination delay) a packet encounters can be
calculated if we know the number of
routers, n, in the whole path.

Note that if we have n routers, we have (n + 1) links.
Therefore, we have (n + 1) transmission delays related to n routers
and the source, (n + 1) propagation delays related to (n + 1) links, (n
+ 1) processing delays related to n routers and the destination, and
only n queuing delays related to n routers.

Q: If there are n routers why do we need n+1 links
 Network Layer-I:
If there are n routers in a network, you need n+1 links to connect them
all in a way that allows all routers to communicate with each other.
This is because each router needs to be connected to at least one other
router to be part of the network, and a minimum of two links are required
to connect two routers.

Router 1 --- Router 2 --- Router 3
To connect all three routers, we need at least one additional link. One
possible way to achieve this is to add a link between Router 1 and Router
3, resulting in a triangular network with three links:
Router 2
/ \
/ \
Router 1 --- Router 3
 Network Layer-I:
Throughput
Throughput at any point in a network is defined as the number of bits passing
through
the point in a second, which is actually the transmission rate of data at that
point. In a
path from source to destination, a packet may pass through several links
(networks),
each with a different transmission rate.
Throughput: how many bits per second are going through the network
How, then, can we determine the throughput of the whole path? To see the
situation, assume that we have three links, each with a different transmission
rate, as shown in Figure 18.10.
In this figure, the data can flow at the rate of 200 kbps in Link1.
However, when the data arrives at router R1, it cannot pass at this rate.
Data needs to be queued at the router and sent at 100 kbps.
When data arrives at router R2, it could be sent at the rate
 Network Layer-I:
of 150 kbps, but there is not enough data to be sent. In other words, the
average rate of
the data flow in Link3 is also 100 kbps.
We can conclude that the average data rate for this path is 100 kbps, the
minimum of the three different data rates.
In general, in a path with n links in series, we have

Packet Loss
Another issue that severely affects the performance of communication is the
number of
packets lost during transmission. When a router receives a packet while
processing
another packet, the received packet needs to be stored in the input buffer
waiting for its turn. A router, however, has an input buffer with a limited size.
 Network Layer-I:
A time may come when the buffer is full and the next packet needs to
be dropped.
The effect of packet loss on the Internet network layer is that the
packet needs to be resent, which in turn may create overflow and
cause more packet loss.
Congestion Control
Congestion control is a mechanism for improving performance.
Although congestion at the network layer is not explicitly addressed in
the Internet model, the study of congestion at this layer may help us
to better understand the cause of congestion at the transport layer
and find possible remedies to be used at the network layer.
Congestion at the network layer is related to two issues, throughput
and delay,
 Network Layer-I:
When the load is much less than the capacity of the network, the delay is
at a minimum.
This minimum delay is composed of propagation delay and processing
delay, both of which are negligible.
However, when the load reaches the network capacity, the delay
increases sharply because we now need to add the queuing delay to the
total delay.
Note that the delay becomes infinite when the load is greater
than the capacity.
When the load is below the capacity of the network, the throughput
increases proportionally with the load.
We expect the throughput to remain constant after the load
reaches the capacity, but instead the throughput declines
sharply.
The reason is the discarding of packets by the routers.
When the load exceeds the capacity, the queues become full and the
routers have to discard some packets.
 Network Layer-I:
Congestion Control
Congestion control refers to techniques and mechanisms that can either prevent
congestion before it happens or remove congestion after it has happened.
In general, we can divide congestion control mechanisms into two broad
categories: open-loop congestion control (prevention) and closed-loop
congestion control (removal).
Open-Loop Congestion Control
In open-loop congestion control, policies are applied to prevent congestion
before it
happens. In these mechanisms, congestion control is handled by either the
source or the destination. We give a brief list of policies that can prevent
congestion.
Retransmission Policy Retransmission is sometimes unavoidable. If the
sender
feels that a sent packet is lost or corrupted, the packet needs to be
retransmitted.
Retransmission in general may increase congestion in the network.
 Network Layer-I:
However, a good retransmission policy can prevent congestion.
The retransmission policy and the retransmission timers must be
designed to optimize efficiency and at the same time prevent congestion.
Window Policy The type of window at the sender may also affect
congestion.
The Selective Repeat window is better than the Go-Back-N window for
congestion control. In the Go-Back-N window, when the timer for a packet
times out, several packets may be resent, although some may have
arrived safe and sound at the receiver.
This duplication may make the congestion worse.
The Selective Repeat window, on the other hand, tries to send the
specific packets that have been lost or corrupted.
Acknowledgment Policy The acknowledgment policy imposed by the
receiver may
also affect congestion
 Network Layer-I:. If the receiver does not acknowledge every packet it receives, it may
slow down the sender and help prevent congestion.
Several approaches are used in this case.
A receiver may send an acknowledgment only if it has a packet to be
sent or a special timer expires.
A receiver may decide to acknowledge only N packets at a time.
Discarding Policy A good discarding policy by the routers may
prevent congestion and at the same time may not harm the integrity
of the transmission.
For example, in audio transmission, if the policy is to discard less
sensitive packets when congestion is likely to happen, the quality of
sound is still preserved and congestion is prevented or alleviated.
 Network Layer-I:
Admission Policy An admission policy, which is a quality-of-service mechanism
(discussed in Chapter 30), can also prevent congestion in virtual-circuit
networks. Switches in a flow first check the resource requirement of a flow
before admitting it to the network.
A router can deny establishing a virtual-circuit connection if there is congestion
in the network or if there is a possibility of future congestion.
Closed-Loop Congestion Control
Closed-loop congestion control mechanisms try to alleviate congestion after it
happens.
Backpressure The technique of backpressure refers to a congestion control
mechanism
in which a congested node stops receiving data from the immediate upstream
node
or nodes.
This may cause the upstream node or nodes to become congested, and they, in
turn, reject data from their upstream node or nodes, and so on.
 Network Layer-I:
Backpressure is a node to-node congestion control that starts with a
node and propagates, in the opposite direction of data flow, to the
source.
The backpressure technique can be applied only to virtual circuit
networks, in which each node knows the upstream node from which a
flow of data is coming.
 Network Layer-I:
Node III in the figure has more input data than it can handle. It drops
some packets
in its input buffer and informs node II to slow down.
Node II, in turn, may be congested because it is slowing down the
output flow of data.
If node II is congested, it informs node I to slow down, which in turn
may create congestion.
If so, node I informs the source of data to slow down.
This, in time, alleviates the congestion.
Note that the pressure on node III is moved backward to the source to
remove the congestion.
Choke Packet A choke packet is a packet sent by a node to the
source to inform it of
congestion.
 Network Layer-I:
In the choke-packet method, the warning is from the router, which has
encountered congestion, directly to the source station.
The intermediate nodes through which the packet has traveled are not
warned.
An example of this type of control in ICMP (discussed in Chapter 19).
When a router in the Internet is overwhelmed with IP datagrams, it may
discard some of them, but it informs the source host, using a source
quench ICMP message.
The warning message goes directly to the source station; the intermediate
routers do not take any action. Figure 18.15 shows the idea of a choke
packet.
 Network Layer-I:
Implicit Signaling In implicit signaling, there is no communication between
the congested node or nodes and the source.
The source guesses that there is congestion somewhere in the network from
other symptoms.
For example, when a source sends several packets and there is no
acknowledgment for a while, one assumption is that the network is
congested.
The delay in receiving an acknowledgment is interpreted as congestion in the
network; the source should slow down.
Explicit Signaling The node that experiences congestion can explicitly send
a signal to the source or destination.
The explicit-signaling method, however, is different from the choke-packet
method.
In the choke-packet method, a separate packet is used for this purpose; in
the explicit-signaling method, the signal is included in the packets that carry
data.
Explicit signaling can occur in either the forward or the backward direction.
This type of congestion control can be seen in an ATM network,
 Network Layer-I:
Explicit Congestion Notification (ECN)
ECN field: A 2-bit field specified for use with explicit congestion signaling in the
IPv4 and IPv6 packet headers.
IPV4 ADDRESSES
An IPv4 address is a 32-bit address that uniquely and universally defines the
connection of a
host or a router to the Internet.
IPv4 addresses are unique in the sense that each address defines one, and only
one, connection to the Internet.
If a device has two connections to the Internet, via two networks, it has two IPv4
addresses. IPv4 addresses are universal in the sense that the addressing system
must be accepted by any host that wants to be connected to the Internet.
Address Space
A protocol like IPv4 that defines addresses has an address space.
An address space is the total number of addresses used by the protocol.
 Network Layer-I:
If a protocol uses b bits to define an address, the address space is 2b
because each bit can have two different values (0 or 1).
IPv4 uses 32-bit addresses, which means that the address space is 232 or
4,294,967,296 (more than four billion).
Notation
There are three common notations to show an IPv4 address: binary
notation (base 2), dotted-decimal notation (base 256), and hexadecimal
notation (base 16).
In binary notation, an IPv4 address is displayed as 32 bits.
To make the address more readable, one or more spaces are usually
inserted between each octet (8 bits).
Each octet is often referred to as a byte.
To make the IPv4 address more compact and easier to read, it is usually
written in decimal form with a decimal point (dot) separating the bytes.
This format is referred to as dotted-decimal notation.
 Network Layer-I:
Note that because each byte (octet) is only 8 bits, each number in the
dotted-decimal notation is between 0 and 255.
We sometimes see an IPv4 address in hexadecimal notation.
Each hexadecimal digit is equivalent to four bits.
This means that a 32-bit address has 8 hexadecimal digits. This notation is
often used in network programming.
 Network Layer-I:
Hierarchy in Addressing
In any communication network that involves delivery, such as a telephone
network or a
postal network, the addressing system is hierarchical.
In a postal network, the postal address (mailing address) includes the
country, state, city, street, house number, and the name of the mail recipient.
Similarly, a telephone number is divided into the country code, area code,
local exchange, and the connection.
A 32-bit IPv4 address is also hierarchical, but divided only into two parts.
The first part of the address, called the prefix, defines the network; the
second part of the
address, called the suffix, defines the node (connection of a device to the
Internet).
Figure 18.17 shows the prefix and suffix of a 32-bit IPv4 address. The prefix
length is n bits and the suffix length is (32 − n) bits.
 Network Layer-I:

A prefix can be fixed length or variable length.
The network identifier in the IPv4 was first designed as a fixed-length prefix. This
scheme, which is now obsolete, is referred to as classful addressing.
The new scheme, which is referred to as classless addressing, uses a variable-length
network prefix.
 Network Layer-I:
Classful Addressing
When the Internet started, an IPv4 address was designed with a fixed-
length prefix, but to accommodate both small and large networks, three
fixed-length prefixes were designed instead of one (n = 8, n = 16, and n =
24).
The whole address space was divided into five classes (class A, B, C, D,
and E), as shown in Figure 18.18.
This scheme is referred to as classful addressing.
In class A, the network length is 8 bits, but since the first bit, which is 0,
defines the class, we can have only seven bits as the network identifier.
This means there are only 27 = 128 networks in the world that can have a
class A address.
In class B, the network length is 16 bits, but since the first two bits, which
are (10)2, define the class, we can have only 14 bits as the network
identifier.
This means there are only 214 = 16,384 networks in the world that can
have a class B address.
 Network Layer-I:
All addresses that start with (110)2 belong to class C.
In class C, the network length is 24 bits, but since three bits define the class, we can
have only 21 bits as the network identifier.
This means there are 221 = 2,097,152 networks in the world that can have a class C
address.
Class D is used for multicast addresses.
All addresses that start with 1111 in binary belong to class E.
Address Depletion
The reason that classful addressing has become obsolete is address depletion.
To understand the problem, let us think about class A.
This class can be assigned to only 128 organizations in the world, but each organization
needs to have a single network (seen by the rest of the world) with 16,777,216 nodes
(computers in this single network).
Since there may be only a few organizations that are this large, most of the addresses in
this class were wasted (unused).
Class B addresses were designed for midsize organizations, but many of the addresses
in this class also remained unused.
 Network Layer-I:
Class C addresses have a completely different flaw in design. The number
of addresses that can be used in each network (256) was so small that
most companies were not comfortable using a block in this address class.
Class E addresses were almost never used, wasting the whole class.
Subnetting and Supernetting
To alleviate address depletion, two strategies were proposed and, to some
extent, implemented: subnetting and supernetting.
In subnetting, a class A or class B block is divided into several subnets.
Each subnet has a larger prefix length than the original network.
Supernetting was devised to combine several class C blocks into a larger
block to be attractive to organizations that need more than the 256
addresses available in a class C block.
 Network Layer-I:
Advantage of Classful Addressing
Although classful addressing had several problems and became obsolete, it had one
advantage: Given an address, we can easily find the class of the address and, since
the
prefix length for each class is fixed, we can find the prefix length immediately.

Classless Addressing
Subnetting and supernetting in classful addressing did not really solve the address
depletion problem.
With the growth of the Internet, it was clear that a larger address space was needed
as a long-term solution.
The larger address space, however, requires that the length of IP addresses also be
increased, which means the format of the IP packets needs to be changed.
Although the long-range solution has already been devised and is called IPv6
(discussed later), a short-term solution was also devised to use the same address
space but to change the distribution of addresses to provide a fair share to each
organization.
 Network Layer-I:
The short-term solution still uses IPv4 addresses, but it is called classless addressing.
In other words, the class privilege was removed from the distribution to compensate
for the address depletion.
Because of fixed prefix length, got address depletion problem, so we don’t have
enough addresses to allocate IP addresses to all system.
In 1996, the Internet authorities announced a new architecture called classless
addressing. In classless addressing, variable-length blocks are used that belong to
no classes.
Representation of classless addresses:
We can have a block of 1 address, 2 addresses, 4 addresses, 128 addresses, and so
on.
One of the restrictions, as we discuss later, is that the number of addresses in a
block needs to be a power of 2.
An organization can be granted one block of addresses.
Unlike classful addressing, the prefix length in classless addressing is variable.
We can have a prefix length that ranges from 0 to 32.
The size of the network is inversely proportional to the length of the prefix.
A small prefix means a larger network; a large prefix means a smaller network.
 Network Layer-I:
We need to emphasize that the idea of classless addressing can be easily
applied to classful addressing.
How to represent classless addresses?
Prefix Length: Slash Notation
The first question that we need to answer in classless addressing is how to
find the prefix
length if an address is given.. In this case, the prefix length, n, is added to the address, separated by a
slash. The notation is informally referred to as slash notation and formally
as classless interdomain routing or CIDR (pronounced cider) strategy.
An address in classless addressing can then be represented as shown in
Figure 18.20.
 Network Layer-I:

Extracting Information from an Address
Given any address in the block, we normally like to know three pieces of
information about the block to which the address belongs: the number of
addresses, the first address in the block, and the last address. Since the value of
prefix length, n, is given, we can easily find these three pieces of information, as
shown in Figure 18.21.
1. The number of addresses in the block is found as N = 232−n. (number of IP
address in host)
2. To find the first address, we keep the n leftmost bits and set the (32 − n)
rightmost bits all to 0s.
3. To find the last address, we keep the n leftmost bits and set the (32 − n)
rightmost bits all to 1s.
 Network Layer-I:
Example 18.1
A classless address is given as 167.199.170.82/27. We can find the above
three pieces of information as follows.
The number of addresses in the network is 232 − n = 25 = 32 addresses.
(32 addresses can be allocated)
Network Layer-I:
 Network Layer-I:

Network Address
The first address, the network address, is particularly important
because it is used in routing a packet to its destination network.
 Identify the address class of the following IP
addresses: 200.58.20.165;128.167.23.20;
16.196.128.50;150.156.10.10;250.10.24.96.

200.58.20.165
11001000.00111010.00010100.10100101
Class C
128.167.23.20
10000000.10100111.00010111.00010100
Class B
16.196.128.50
00010000.11000100.10000000.00110010
Class A
150.156.10.10
10010110.10011100.00001010.00001010
Class B
250.10.24.96
11111010.00001010
?
Network Layer-I:
Network Layer-I:
 Network Layer-I:
Here ISP granted block of address 14.24.74.0/24 & organization
need to divide this into 3 subblock.
DHCP
Mainly useful in order to assign IP addr to host.).
If u use internet &u wont use DHCP protocol then N/w
admin hat to enter all the details.
Assume organization has 10000 hosts then then internet
people has to enter all above details in all 10000 hosts,
which is time consuming.
To overcome this problem,we use DHCP protocol.
DHCP server contains pools of IP addr.
Duty of server to assign IP addr to all hosts in an
organization.
DHCP server provides all details(IP addr, subnet
mask,default gateway, preferred DNS server, alternate dns
server. )
 Network Layer-I:
Dynamic Host Configuration Protocol (DHCP)
However, address assignment in an organization can be done automatically using the Dynamic
Host Configuration Protocol (DHCP).
Usually large organization receive blockof IP addr(want to connect to internet) from
ICANN. (provide IP addr to any organization.)
If small organization means receive address from ISP.
After block of of IP addr assigned, n/w admin has to ,manually assign IP adr. To
individual host.
What DHCP do?
If organization has DHCP protocol.addr assignment done automatiacally without n/w
admin.
DHCP is an application-layer program, using the client-server paradigm, that actually helps TCP/IP
at the network layer.
DHCP has found such widespread use in the Internet that it is often called a plug and- play protocol.
In can be used in many situations. A network manager can configure DHCP to assign permanent IP
addresses to the host and routers.
DHCP can also be configured to provide temporary, on demand, IP addresses to hosts.
 Operations on DHCP
Whenever C wants IP addr from any of server,it uses DHCP protocol.i.e. C doesnot know his IP
addr.
First C sends Discover msg to all nearby server(broadcast msg) for IP addr.
If any of server interested to gv their own IP addr they give DHCP offer msg to C.
Now C get many offer,among those it select one, and send DHCP REQUEST to specified
server.
DHCP server send ACK to C if they want to gv their IP addr

So whenever CLIENT want IP addr from SERVER,it sends DHCPDISCOVER msg to SERVER
(BROADCASTE MESSAGE)
SERVER sends best OFFER with IP addr.
CLIENT select any one of the offer & REQUEST the SERVER.
SEREVR send ACK MSG to CLIENT by accepting their REQUEST.
CLIENT use IP Addr. For specified time
 Network Layer-I:
1. The joining host creates a DHCPDISCOVER message in which only the
transaction-
ID field is set to a random number. No other field can be set because the host
has
no knowledge with which to do so.
This message is encapsulated in a UDP user datagram with the source port set to
68 and the destination port set to 67.
We will discuss the reason for using two well-known port numbers later. The user
datagram
is encapsulated in an IP datagram with the source address set to 0.0.0.0 (“this
host”) and the destination address set to 255.255.255.255 (broadcast address).
The reason is that the joining host knows neither its own address nor the server
address.
2. The DHCP server or servers (if more than one) responds with a DHCPOFFER
message in which the your address field defines the offered IP address for the
joining host and the server address field includes the IP address of the server.
The message also includes the lease time for which the host can keep the IP
address.
 Network Layer-I:
This message is encapsulated in a user datagram with the same port
numbers, but in the reverse order.
The user datagram in turn is encapsulated in a datagram with the server
address as the source IP address, but the destination address is a broadcast
address, in which the server allows other DHCP servers to receive the offer
and give a better offer if they can.
3. The joining host receives one or more offers and selects the best of them.
The joining host then sends a DHCPREQUEST message to the server that has
given the best offer.
The fields with known value are set.
The message is encapsulated in a user datagram with port numbers as the
first message.
The user datagram is encapsulated in an IP datagram with the source address
set to the new client address, but the destination address still is set to the
broadcast address to let the other servers know that their offer was not
accepted.
 Network Layer-I:
4. Finally, the selected server responds with a DHCPACK message to the
client if the offered IP address is valid.
If the server cannot keep its offer (for example, if the address is offered to
another host in between), the server sends a DHCPNACK message and
the client needs to repeat the process.
This message is also broadcast to let other servers know that the request
is accepted or rejected.
 Network Layer-I:
Forwarding IP Packet : based on Destination Address:

PLEASE REFER TEXTBOOK
 Network Layer-I:
INTERNET PROTOCOL (IP)
The network layer in version 4 can be thought of as one main protocol and
three auxiliary
ones. The main protocol, Internet Protocol version 4 (IPv4), is responsible
for packetizing,
forwarding, and delivery of a packet at the network layer.
The Internet Control Message Protocol version 4 (ICMPv4) helps IPv4 to
handle some errors that may occur in the network-layer delivery.
The Internet Group Management Protocol (IGMP) is used to help IPv4 in
multicasting.
The Address Resolution Protocol (ARP) is used to glue the network and
data-link layers in mapping network-layer addresses to link-layer
addresses.
Figure 19.1 shows the positions of these four protocols in the TCP/IP
protocol suite
 Network Layer-I:
IPv4 is an unreliable datagram protocol—a best-effort delivery service.
The term best-effort means that IPv4 packets can be corrupted, be lost,
arrive out of order, or be delayed, and may create congestion for the
network.
If reliability is important, IPv4 must be paired with a reliable transport-
layer protocol such as TCP.
An example of a more commonly understood best-effort delivery service is
the post office.
The post office does its best to deliver the regular mail but does not
always succeed.
If an unregistered letter is lost or damaged, it is up to the sender or
would-be recipient to discover this.
The post office itself does not keep track of every letter and cannot notify
a sender of loss or damage of one.
 Network Layer-I:
IPv4 is also a connectionless protocol that uses the datagram approach.
This means that each datagram is handled independently, and each
datagram can follow a different route to the destination.
This implies that datagrams sent by the same source to the same destination
could arrive out of order.
Again, IPv4 relies on a higher-level protocol to take care of all these problems.

Datagram Format
Packets used by the IP are called datagrams.
Figure 19.2 shows the IPv4 datagram format.
A datagram is a variable-length packet consisting of two parts: header and
payload (data). The header is 20 to 60 bytes in length and contains
information essential to routing and delivery.
It is customary in TCP/IP to show the header in 4-byte sections.
 Network Layer-I:
Version: The version field indicates the version number used by the IP
packet so that revisions can be distinguished from each other.
The current IP version is 4.
Version 5 is used for a real-time stream protocol called ST2, and version 6 is
used for the new generation IP known as IPv6.
Header Length. The 4-bit header length (HLEN) field defines the total length
of the datagram header in 4-byte words.
The IPv4 datagram has a variable-length header.
When a device receives a datagram, it needs to know when the header stops
and the data, which is encapsulated in the packet, starts.
However, to make the value of the header length (number of bytes) fit in a 4-
bit header length, the total length of the header is calculated as 4-byte
words.
The total length is divided by 4 and the value is inserted in the field.
The receiver needs to multiply the value of this field by 4 to find the total
length.
 Network Layer-I:
Type of service: The type of service (TOS) field traditionally specifies the
priority of the packet based on delay, throughput, reliability, and cost
requirements.
Three bits are assigned for priority levels (called “precedence”) and four bits for
the specific requirement (i.e., delay, throughput, reliability, and cost).
For example, if a packet needs to be delivered to the destination as soon as
possible, the transmitting IP module can set the delay bit to one and use a high-
priority level.
The TOS field is not in common use and so the field is usually set to zero.
Recent work in the Differentiated Services Working Group of IETF redefines the
TOS field in order to support other services that are better than the basic best
effort.
Total Length. This 16-bit field defines the total length (header plus data) of the
IP datagram in bytes. A 16-bit number can define a total length of up to 65,535
(when all bits are 1s).
However, the size of the datagram is normally much less than this.
This field helps the receiving device to know when the packet has completely
arrived.
 Network Layer-I:
To find the length of the data coming from the upper layer, subtract the
header length from the total length.
The header length can be found by multiplying the value in the HLEN field
by 4.

In practice the maximum possible length is very rarely used, since most
physical networks have their own length limitation.
For example, Ethernet limits the payload length to 1500 byte
Identification, Flags, and Fragmentation Offset. These three fields
are related to the fragmentation of the IP datagram when the size of the
datagram is larger than the underlying network can carry.
 Network Layer-I:
Time-to-live. The time-to-live (TTL) field is used to control the maximum
number of hops (routers) visited by the datagram.
When a source host sends the datagram, it stores a number in this field.
This value is approximately two times the maximum number of routers
between any two
hosts.
Each router that processes the datagram decrements this number by one.
If this value, after being decremented, is zero, the router discards the
datagram.
Protocol: The protocol field specifies the upper-layer protocol that is to
receive the IP data at the destination host.
Examples of the protocols include TCP (protocol = 6), UDP (protocol = 17),
and ICMP (protocol = 1).
 Network Layer-I:
Header checksum: The header checksum field verifies the integrity of
the header of the IP packet.
The data part is not verified and is left to upper-layer protocols.
If the verification process fails, the packet is simply discarded.
Note that when a router decrements the TTL field, the router must also
recompute the header checksum field.
Source IP address and destination IP address: These fields contain
the addresses of the source and destination hosts.
Options: The options field, which is of variable length, allows the packet
to request special features such as security level, route to be taken by the
packet, and timestamp at each router.
For example, a source host can use the options field to specify a
sequence of routers that a datagram is to traverse on its way to the
destination host.
Padding: This field is used to make the header a multiple of 32-bit words.
 Network Layer-I:
1. An IPv4 packet has arrived with the first 8 bits as (01000010)2 The
receiver discards the packet. Why?

2. In an IPv4 packet, the value of HLEN is (1000)2. How many bytes of
options are being carried by this packet?

3. In an IPv4 packet, the value of HLEN is 5, and the value of the total
length field is (0028)16. How many bytes of data are being carried by this
packet?
 Network Layer-I:
Solution
There is an error in this packet. The 4 leftmost bits (0100) 2 show the version, which is correct.
The
next 4 bits (0010)2 show an invalid header length (2 × 4 = 8). The minimum number of bytes
in
the header must be 20. The packet has been corrupted in transmission.

Solution
The HLEN value is 8, which means the total number of bytes in the header is 8 × 4, or 32
bytes.
The first 20 bytes are the base header, the next 12 bytes are the options.

Solution
The HLEN value is 5, which means the total number of bytes in the header is 5 × 4, or 20
bytes (no
options). The total length is (0028)16 or 40 bytes, which means the packet is carrying 20 bytes
of
data (40 − 20).
 Network Layer-I:
Fragmentation and Reassembly
One of the strengths of IP is that it can work on a variety of physical
networks.
Each physical network usually imposes a certain packet-size limitation on
the packets that
can be carried, called the maximum transmission unit (MTU).
For example, Ethernet specifies an MTU of 1500 bytes, and FDDI specifies
an MTU of 4464 bytes.
 Network Layer-I:
When IP has to send a packet that is larger than the MTU of the physical
network, IP must break the packet into smaller fragments whose size can
be no larger than the MTU.
Each fragment is sent independently to the destination as though it were
an IP packet.
If the MTU of some other network downstream is found to be smaller than
the fragment size, the fragment will be broken again into smaller
fragments, as shown in Figure 8.11.
 Network Layer-I:
The destination IP is the only entity that is responsible for reassembling
the fragments
into the original packet.
To reassemble the fragments, the destination waits until it has received
all the fragments belonging to the same packet.
If one or more fragments are lost in the network, the destination abandons
the reassembly process and discards the rest of the fragments.
To detect lost fragments, the destination host sets a timer once the first
fragment of a packet arrives.
If the timer expires before all fragments have been received, the host
assumes the missing fragments were lost in the network and discards the
other fragments.
 Network Layer Protocols-II
ICMPv4
The IPv4 has no error-reporting or error-correcting mechanism.
What happens if something goes wrong?
What happens if a router must discard a datagram because it cannot
find a route to the final destination, or because the time-to-live field has
a zero value?
What happens if the final destination host must discard the received
fragments of a
datagram because it has not received all fragments within a
predetermined time limit?
These are examples of situations where an error has occurred and the
IP protocol has no
built-in mechanism to notify the original host.
The IP protocol also lacks a mechanism for host and
management queries.
 Function of IPV4: send packet from source to destination
i.e. select a route to network, forward packet so it
reaches to destination.
IP not reliable. i.e. if any error during transmission,not
reported to source host.
Types of error during transmission?
Router may drop packet
if dest receives one fragment & fragment not
received.
TTL=0 means not intended receiver.
All these errors must report to source host
 Network Layer Protocols-II
The Internet Control Message Protocol version 4 (ICMPv4) has been
designed to compensate for the above two deficiencies.
It is a companion to the IP protocol.
ICMP itself is a network-layer protocol.
However, its messages are not passed directly to the data-link layer as would
be expected.
Instead, the messages are first encapsulated inside IP datagrams before going
to the lower layer.
When an IP datagram encapsulates an ICMP message, the value of the
protocol field in the IP datagram is set to 1 to indicate that the IP payroll is an
ICMP message.
MESSAGES
ICMP messages are divided into two broad categories: error-reporting
messages and
query messages.
 Network Layer Protocols-II
The error-reporting messages report problems that a router or a host
(destination) may encounter when it processes an IP packet.
The query messages, which occur in pairs, help a host or a network
manager get specific information from a router or another host.
An ICMP message has an 8-byte header and a variable-size data
section.
Although the general format of the header is different for each message
type, the first 4 bytes are common to all.
The first field, ICMP type, defines the type of the message.
The code field specifies the reason for the particular message type.
The last common field is the checksum field.
The rest of the header is specific for each message type.
 Network Layer Protocols-II
Error Reporting Messages
Since IP is an unreliable protocol, one of the main responsibilities of
ICMP is to report
some errors that may occur during the processing of the IP datagram.
ICMP does not correct errors, it simply reports them.
Error correction is left to the higher-level protocols.
Error messages are always sent to the original source because the only
information available in the datagram about the route is the source and
destination IP addresses.
ICMP uses the source IP address to send the error message to the
source (originator) of the datagram.
To make the error-reporting process simple, ICMP follows some rules in
reporting messages.
 Network Layer Protocols-II
First, no error message will be generated for a datagram having a
multicast address or special address (such as this host or loopback).
Second, no ICMP error message will be generated in response to a
datagram carrying an ICMP error message.
Third, no ICMP error message will be generated for a fragmented
datagram that is not the first fragment.
Example
Destination Unreachable
The most widely used error message is the destination unreachable (type
3).
This message uses different codes (0 to 15) to define the type of error
message and the reason why a datagram has not reached its final
destination.
For example, code 0 tells the source that a host is unreachable. This may
happen, for example, when we use the HTTP protocol to access a web
page, but the server is down. The message “destination host is not
reachable” is created and sent back to the source.
 Network Layer Protocols-II
Source Quench
Another error message is called the source quench (type 4) message, which
informs the
sender that the network has encountered congestion and the datagram has
beenbdropped; the source needs to slow down sending more datagrams.
In other words, ICMP adds a kind of congestion control mechanism to the IP
protocol by using this type of message.
Query Messages
Interestingly, query messages in ICMP can be used independently without
relation to an IP datagram.
Of course, a query message needs to be encapsulated in a datagram, as a
carrier.
Query messages are used to probe or test the liveliness of hosts or routers in
the Internet, find the one-way or the round-trip time for an IP datagram
between two devices, or even find out whether the clocks in two devices are
synchronized.
 Network Layer Protocols-II
Naturally, query messages come in pairs: request and reply.
The echo request (type 8) and the echo reply (type 0) pair of messages are used
by a host or a router to test the liveliness of another host or router.
A host or router sends an echo request message to another host or router; if the
latter is alive, it responds with an echo reply message.
We shortly see the applications of this pair in two debugging tools: ping and
traceroute.
Ping
We can use the ping program to find if a host is alive and responding. We use ping
here
to see how it uses ICMP packets. The source host sends ICMP echo-request
messages;
the destination, if alive, responds with ICMP echo-reply messages. The ping
program sets
the identifier field in the echo-request and echo-reply message and starts the
sequence
number from 0; this number is incremented by 1 each time a new message is
sent.
 Network Layer Protocols-II
Note that ping can calculate the round-trip time.
It inserts the sending time in the data section of the message.
When the packet arrives, it subtracts the arrival time from the
departure time to get the round-trip time (RTT).
Traceroute or Tracert
The traceroute program in UNIX or tracert in Windows can be used to
trace the path of
a packet from a source to the destination.
It can find the IP addresses of all the routers that are visited along the
path.
The program is usually set to check for the maximum of 30 hops
(routers) to be visited. The number of hops in the Internet is normally
less than this.
 Network Layer Protocols-II
The traceroute program gets help from two error-reporting messages:
time-exceeded and destination-unreachable.
The traceroute is an application layer program, but only the client
program is needed, because, as we can see, the client program never
reaches the application layer in the destination host.
In other words, there is no traceroute server program.
The traceroute application program is encapsulated in a UDP user
datagram, but traceroute intentionally uses a port number that is not
available at the destination.
If there are n routers in the path, the traceroute program sends (n + 1)
messages.
The first n messages are discarded by the n routers, one by each
router; the last message is discarded by the destination host.
The traceroute client program uses the (n + 1) ICMP error-reporting
messages received to find the path between the routers.
 Network Layer Protocols-II
The first traceroute message is sent with time-to-live (TTL) value set to
1; the message is discarded at the first router and a time-exceeded
ICMP error message is sent, from which the traceroute program can find
the IP address of the first router (the source IP address of the error
message) and the router name (in the data section of the message).
The second traceroute message is sent with TTL set to 2, which canfind
the IP address and the name of the second router.
Similarly, the third message can find the information about router 3.
The fourth message, however, reaches the destination host. This host is
also dropped, but for another reason.
The destination host cannot find the port number specified in the UDP
user datagram.
 Network Layer Protocols-II
This time ICMP sends a different message, the destination-unreachable
message with code 3 to show the port number is not found.
After receiving this different ICMP message, the traceroute program
knows that the final destination is reached.
It uses the information in the received message to find the IP address
and the name of the final destination.

Slow hops range from 250ms to 300ms.
If you receive asterisks, your results did not return within the TTL (time
to live) value. This is due to the ICMP (Internet Control Message
Protocol) blocking traffic or the packet did not reach the intended
destination and timed out.