Chapter 7: The Infamous IP

1
Chapter 7 The Infamous IP
2
Re-explain Encapsulation Decapsulation starting
at Transport Layer

• Transport - User Datagrams
• Network - IP Datagrams
• Data Link - Frames

3
Position of IP in TCP/IP protocol suite

• Packets in the IP layer are called datagrams
• IP is an unreliable and connectionless datagram
  protocol
• To make IP reliable, TCP protocol is added

4
IP datagram

• IP datagram is variable length consisting of two
  parts (header, data)
• Header is 20-60 bytes contains routing and
  deliver info
• Ver version of IP
• HLEN header length total length of the header
  field (in 4-byte words or units)
• Service type now called Differentiated Services
  tells the service type (ie. ftp, dns, telnet,
  etc..) will come back to this
• Total length defines the total length of the
  datagram including the header need this to
  determine if padding is needed recall Ethernet
  frame can range 46-1500 bytes so if the IP
  datagram is less than 46 bytes (need padding)
• Identification used for fragmentation
  networks that are not able to encapsulate the
  full IP datagram will need to fragment will
  come back to this
• Flags used for fragmentation will come back
  to this

• Fragmentation offset used for fragmentation
  will come back to
• Time to live datagram life time as it travels
  used to control the number of hops (routers) a
  datagram can traverse fix infinite loop
  problems
• Protocol defines the higher level protocol (ie.
  TCP, UDP, ICMP, ICMP, etc..) thats using the
  service of the IP layer since the IP Muxes data
  from the Transport layer this field is used to
  demux

5
IP datagram Header cont

• Header Checksum error checking (will cover
  later)
• Source Address IP address of the source (remain
  unchanged as data traverses)
• Destination Address - IP address of the
  destination (remain unchanged as data traverses)
• Option are not required for every datagram
  used for network testing and debugging will
  cover in more detail later

6
FRAGMENTATION

• Recall we stated that networks that are not able
  to encapsulate the full IP datagram will need to
  fragment
• As the datagrams travel through the network
  hitting various Routers
• the router decapsulates the IP datagram from
  the frame
• The router then processes it
• Then the router encapsulates it in another frame
• This is how routers are able to communicate with
  various networks

Router 1
Router 2
Network 2
Network 3
Network 1
7
MTU
Each Data Link Protocol has it own frame format
one field defines the max size of the data field
when datagram is encapsulated, the total size
of the datagram must not exceed that max size
(why ??? - HW/SW limitations of the physical
network) That value is called a MTU (maximum
transfer unit)

• The largest possible MTU is 65,535 and if this is
  used it makes the IP protocol independent of
  the underlying physical network
• If any other MTU is used, there will be cases
  possibly where the datagram needs to be
  fragmented in order to pass through that network
• As it passes through the network, a previous
  fragment can be fragmented again if that physical
  network has a smaller MTU

8
Flag field

• Fields related to the fragmentation are the ID
  field, flags field and fragmentation offset field
• Id combo of the Id and source Ip address (IP
  protocol used a counter to label datagram)
• Flags 1st reserved, if D set, cant fragment
  (must drop if cant pass), if D0, can fragment.
  If M is set, means more fragments exist
• Fragment offset shows relative position of the
  fragment with respect to the whole datagram

9
Fragmentation example

• Take a datagram of original size 4000 bytes (byte
  0 to 3999) and fragment it into 3 fragments
• The fragment offset is measured in units of 8
  bytes. So the first offset would be 0/80 since
  the starting byte position is 0
• The second starting byte position is 1400 and
  therefore the offset is 1400/8 175
• The third starting byte position is 2800 and
  therefore the offset equals 2800/8350

This is done to ensure the offset can fit in the
13-bit field
Routers/Hosts that fragment must pick a size of
each fragment so that the 1st byte is divisible
by 8 (ie. 0, 8, 16, 24 696 1400 .. 2096
2800 etc)
10
Detailed example
Total Length Id isnt changing
Allow more fragmentation
XDM D1, cant frag D0, can frag M1, more frag
exist M0, no more frag exist
offset
11
Re-assembly

• Even if the fragments arrived to the destination
  out-of-order, the destination host could
  reassemble by
• The 1st fragment always has an offset of zero
• If the 1st fragments length is divided by 8, it
  equals to the 2nd fragments offset
• If the 1st and 2nd fragments total length are
  divided by 8, it equals to the 3rd fragments
  offset
• Continue
• The last fragments more bit should be set to 0
  meaning no more fragments remaining

12
Recall - IP datagram

• IP datagram is variable length consisting of two
  parts (header, data)
• Header is 20-60 bytes contains routing and
  deliver info
• Havent covered options yet

• Option are not required for every datagram
  used for network testing and debugging will
  cover in more detail later

13
Option format
Composed of a 1-byte code field, a 1-byte length
field and a variable-sized data field Length
field defines the total length of the option
(including the code field) Data field contains
the data of the specific option some option
types dont require data
Code field is 8-bits long and contains 3
subfields copy, class and number Copy controls
presence of option. If 0, means copy options to
the first fragment only if 1, means copy option
to all fragments Class defines general purpose
of options. If 00, options is used for datagram
control if 10, options used for management and
debugging. Number defines the type of option. As
of now, only 6 types defined
14
Regarding the Number field

• Number defines the type of option. As of now,
  only 6 types defined
• 2 of the option types are 1-byte in size (doesnt
  need length and data fields)
• 4 of the options are multiple-byte and require
  the length and data fields

• Used as a filler between options (using a 16-bit
  or 32-bit boundary) know the starting point of
  the next option
• Used at the end of the last option for padding
• Record the Internet routers that can handle the
  datagram ( can list up to 9 router IP addresses)

• Used by the source to predetermine a route for a
  datagram as it traverses
• Used by the source to predetermine a route too
  (but more relaxed than the Strict Source Route
  Option)
• Record the time the datagram is processed by a
  router

15
Regarding the Record route option

• The Tx creates a placeholder for the visited
  routers to fill in their IP addresses
• The pointer field is used to point to the first
  empty entry so the router knows where to enter
  its outgoing IP address (address the datagram is
  leaving)

16
Record route concept
Can have only 3 IP addresses because of 12315
Outgoing IP address
Pointer field value of 4 when starting out
Increment pointer
17
Regarding the Strict source route option

• Option used by the source to predetermine a route
  for the datagram as it traverses the Internet
• In this case, the routers are specified up front
  in dictating the specific route. All routers
  MUST be visited if other routers are visited,
  the datagram is dropped) if all of the listed
  routers are not visited, the datagram is dropped
• Routers are entered by the sender

Why security, distinguish among different
networks, dont want certain traffic to leave
your network, etc.
18
Loose source route option

• Similar to the Strict Source Route Option but
  more relaxed
• In this case, the routers are specified up front
  and all MUST be visited ( however, other routers
  can be visited too)

19
Timestamp option

• Used to record the time of datagram processing by
  a router (expressed in milliseconds from
  midnight)
• Use this to track the routers behavior time
  from one router to the next
• O-flow of routers that could not add their
  timestamp
• Flags dictates what the router should do (ie.
  add timestamp, add timestamp IP address, etc..)

20
CHECKSUM

• The error detection method used by most TCP/IP
  protocols is called checksum
• The checksum protects against bit corruption that
  could possibly occur during transmission
• Checksum calculated at the Tx and is appended
  with the sent data
• The Rx repeats the calculation in determining if
  the data is correct or not

Give them an analogy in base-10
21
To create the checksum the sender does the
following 1. The packet is divided into k
sections, each of n bits (usually 16) 2.
All sections are added together using ones
complement arithmetic. 3. The final result is
complemented to make the checksum.

• Checksum process at the receiver is as follows
• The received packet is divided into k sections
• All sections are added together
• 3. The final result is complemented and should
  equal zero if correct
• NOTE value (-value) 0

22
When to apply the checksum

• For IP datagram, Checksum is used on the header
  only (and not the data)
• The header needs to be check because its
  changing router-to-router (the data itself is
  static)
• Recall that the higher-level protocols
  encapsulate data into the datagram and uses their
  own checksum

23
Recall Binary Addition

• 1010 (neg 5)
• 0010 (pos 2)
• 1100 (neg 3)
• 1101 (neg 2)
• 0111 (pos 7)
• 10100 (overflow add the 1 back)
• 0101 (pos 5)
• Recall complement
• 0011