Figure 1-2 shows the format of the IP packet header, specified in RFC 791. Most fields in this packet have some importance to routing. Figure 1-2. IP packet protocol.
Version identifies the IP version to which the packet belongs. This four-bit field is set to binary 0100 to indicate version 4 (IPv4) or binary 0110 to indicate version 6 (IPv6). This chapter is concerned primarily with IPv4, whereas Chapter 2, "IPv6 Overview," focuses on IPv6. Table 1-1 shows all currently assigned version numbers, along with a few of the relevant RFCs. All versions other than 4 and 6 (built on an earlier proposal called Simple Internet Protocol, or SIP, which also carried a version number of 6) now exist only as "culture," and it will be left to the curious to read their cited RFCs.
Header Length is a four-bit field that tells, as the name implies, the length of the IP header in 32-bit words. This field is included because the Options field (described later in this section) can vary in size. The minimum length of the IP header is 20 octets, and the options might increase this size up to a maximum of 60 octetsthe maximum length in 32-bit words that can be described by this field. Type of Service (TOS) is an eight-bit field that can be used for specifying special handling of the packet. This field actually can be broken down into two subfields: Precedence and TOS. Precedence sets a priority for the packet, the way a package might be sent overnight, two-day delivery, or general post. TOS allows the selection of a delivery service in terms of throughput, delay, reliability, and monetary cost. Although this field is not commonly used (all the bits will usually be set to zero), early specifications of the Open Shortest Path First (OSPF) protocol called for TOS routing. Also, the Precedence bits are occasionally used in quality of service (QoS) applications. Part (a) of Figure 1-3 summarizes the eight TOS bits; for more information, see RFC 1340 and RFC 1349. Figure 1-3. Type of Service (a) or DiffServ and ECN (b) field.In recent years, the ToS field has been redefined as a part of the Differentiated Services (DiffServ) framework.[3] This framework creates a much more flexible handling of IP packets than was allowed by the relatively rigid ToS definitions. With DiffServ, you can define service classes on a router and then sort packets into these classes. The router can then queue and forward packets with different levels of priority, according to their classification. Each queuing and forwarding treatment is called a Per-Hop Behavior (PHB). While DiffServ defines the framework or architecture, the mechanism itself is called Differentiated Class of Service or simply Class of Service (COS).
Part (b) of Figure 1-3 shows how the ToS field has been redefined, so that the first six bits now compose the DiffServ Code Point (DSCP). With these six bits you can define, either arbitrarily or according to service classes predefined in the DiffServ architecture, up to 64 different service classes that can then be sorted into PHBs. Note that the field in the IP header remains 8 bits; the DiffServ architecture just redefines how a router interprets the value in that field. Explicit Congestion Notification (ECN), in part (b) of Figure 1-3, is used by some routers to signal support for Explicit Congestion Notification and, when it is supported, the bits can be used to signal congestion (ECN = 11).[4]
Total Length is a 16-bit field specifying the total length of the packet, including the header, in octets. By subtracting the header length, a receiver might determine the size of the packet's data payload. Because the largest decimal number that can be described with 16 bits is 65,535, the maximum possible size of an IP packet is 65,535 octets. Identifier is a 16-bit field used in conjunction with the Flags and Fragment Offset fields for fragmentation of a packet. Packets must be fragmented into smaller packets if the original length exceeds the Maximum Transmission Unit (MTU) of a data link through which they pass. For example, consider a 5000-byte packet traveling through a network. It encounters a data link with a 1500 byte MTU. That is, the frame can contain a maximum packet size of 1500 bytes. The router that places the packet onto this data link must first fragment the packet into chunks of no more than 1500 octets each. The router then marks each fragment with the same number in the Identifier field so that a receiving device can identify the fragments that go together.[5]
Flags is a three-bit field in which the first bit is unused. The second is the Don't Fragment (DF) bit. When the DF bit is set to one, a router cannot fragment the packet. If the packet cannot be forwarded without fragmenting, the router drops the packet and sends an error message to the source. This function enables the testing of MTUs in a network. The DF bit can be set using the Extended Ping utility in IOS, as shown in Example 1-1. Example 1-1. The IOS Extended Ping utility allows the setting of the DF bit to test MTUs across a network. In this ping Output, the largest MTU of the path to destination 172.16.113.17 is 1478 octets.Handy#ping Protocol [ip]: Target IP address: 172.16.113.17 Repeat count [5]: 1 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address: Type of service [0]: Set DF bit in IP header? [no]: y Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: r Number of hops [9]: Loose, Strict, Record, Timestamp, Verbose[RV]: Sweep range of sizes [n]: y Sweep min size [76]: 500 Sweep max size [18024]: 2000 Sweep interval [1]: 500 Type escape sequence to abort. Sending 4, [500..2000]-byte ICMP Echos to 172.16.113.17, timeout is 2 seconds: Packet has IP options: Total option bytes= 39, padded length=40 Record route: <*> 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Reply to request 0 (16 ms) (size 500). Received packet has options Total option bytes= 40, padded length=40 Record route: 172.16.192.5 172.16.113.18 172.16.113.17 172.16.113.17 172.16.192.6 172.16.192.5 <*> 0.0.0.0 0.0.0.0 0.0.0.0 End of list Reply to request 1 (24 ms) (size 1000). Received packet has options Total option bytes= 40, padded length=40 Record route: 172.16.192.5 172.16.113.18 172.16.113.17 172.16.113.17 172.16.192.6 172.16.192.5 <*> 0.0.0.0 0.0.0.0 0.0.0.0 End of list Reply to request 2 (28 ms) (size 1500). Received packet has options Total option bytes= 40, padded length=40 Record route: 172.16.192.5 172.16.113.18 172.16.113.17 172.16.113.17 172.16.192.6 172.16.192.5 <*> 0.0.0.0 0.0.0.0 0.0.0.0 End of list Unreachable from 172.16.192.6, maximum MTU 1478 (size 2000). Received packet has options Total option bytes= 39, padded length=40 Record route: <*> 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Success rate is 75 percent (3/4), round-trip min/avg/max = 16/22/28 ms Handy# The third bit is the More Fragments (MF) bit. When a router fragments a packet, it sets the MF bit to one in all but the last fragment so that the receiver knows to keep expecting fragments until it encounters a fragment with MF = 0. Fragment Offset is a 13-bit field that specifies the offset, in units of eight octets, from the beginning of the header to the beginning of the fragment.[6] Because fragments might not always arrive in sequence, the Fragment Offset field allows the pieces to be reassembled in the correct order.
Note that if a single fragment is lost during a transmission, the entire packet must be resent and refragmented at the same point in the network. Therefore, error-prone data links could cause a disproportionate delay. And if a fragment is lost because of congestion, the retransmission of the entire series of fragments might increase the congestion. Time to Live (TTL) is an eight-bit field that will be set with a certain number when the packet is first generated. As the packet is passed from router to router, each router will decrement this number. If the number reaches zero, the packet will be discarded and an error message will be sent to the source. This process prevents "lost" packets from wandering endlessly through a network. As originally conceived, the TTL was specified in seconds; if a packet was delayed more than a second in a router, the router would adjust the TTL accordingly. However, this approach is difficult to implement and has never been generally supported. Modern routers simply decrement the TTL by one, no matter what the actual delay, so the TTL is really a hop count.[7] The recommended default TTL is 64, although values such as 15 and 32 are not uncommon.
Some trace utilities, such as the IOS trace command, make use of the TTL field. If the router is told to trace the route to a host address such as 10.11.12.13, the router will send three packets with the TTL set to one; the first router will decrement it to zero, drop the packets, and send back error messages to the source. By reading the source address of the error messages, the first router on the path is now known. The next three packets will be sent with a TTL of two. The first router decrements to one, the second to zero, and an error message is received from the second router. The third set has a TTL of three, and so forth, until the destination is found. All routers along the network path will have identified themselves. Example 1-2 shows the output from an IOS trace. Example 1-2. The trace utility uses the TTL field to identify routers along a route. Asterisks indicate timed-out packets.Elvis#traceroute www.cisco.com Type escape sequence to abort. Tracing the route to cio-sys.Cisco.COM (192.31.7.130) 1 172.18.197.17 4 msec 4 msec 4 msec 2 ltlrichard-s1-13.hwy51.com (172.18.197.1) 36 msec 44 msec 2536 msec 3 cperkins-rtr-fr2.hwy51.com (10.168.204.3) 104 msec 64 msec * 4 cberry.hwy51.com (10.168.193.1) 92 msec * 5 jllewis-inner.hwy51.com (10.168.207.59) 44 msec * 44 msec 6 bholly-fw-outer-rt.hwy51.com (10.168.207.94) 44 msec * 48 msec 7 sl-stk-14-S10/0:6-512k.sprintlink.net (144.228.214.107) 92 msec * 8 sl-stk-2-F1/0/0.sprintlink.net (144.228.40.2) 52 msec 1156 msec * 9 sl-mae-w-H1/0-T3.sprintlink.net (144.228.10.46) 100 msec 124 msec 2340 msec 10 sanjose1-br1.bbnplanet.net (198.32.136.19) 2264 msec 164 msec * 11 paloalto-br2.bbnplanet.net (4.0.1.10) 64 msec 60 msec * 12 su-pr2.bbnplanet.net (131.119.0.218) 76 msec 76 msec 76 msec 13 cisco.bbnplanet.net (131.119.26.10) 2560 msec 76 msec 936 msec 14 sty.cisco.com (192.31.7.39) 84 msec 72 msec * 15 cio-sys.Cisco.COM (192.31.7.130) 60 msec * 64 msec Elvis# Protocol is an eight-bit field that gives the "address," or protocol number, of the host-to-host or transport layer protocol for which the information in the packet is destined. Table 1-2 shows a few of the more common of the 100 or so different protocol numbers currently assigned.
Header Checksum is the error detection field for the IP header. The checksum is not calculated for the encapsulated data; UDP, TCP, and ICMP have their own checksums for doing this. The field contains a 16-bit one's complement checksum, calculated by the originator of the packet. The receiver will again calculate a 16-bit one's complement sum, including the original checksum. If no errors have occurred during the packet's travels, the resulting checksum will be all ones. Remember that each router decrements the TTL; therefore, the checksum must be recalculated at each router. RFC 1141 discusses some strategies for simplifying this calculation. Source and Destination Addresses are the 32-bit IP addresses of the originator of the packet and the destination of the packet. The format of IP addresses is covered in the next section, "IPv4 Addresses." Options is a variable-length field and, as the name says, is optional. Space is added to the packet header to contain either source-generated information or for other routers to enter information; the options are used primarily for testing. The most frequently used options are
All these options might be invoked by using the Extended Ping on Cisco routers. Record route is used in Example 1-1, loose source routing and timestamp are used in Example 1-3, and strict source routing is used in Example 1-4. Example 1-3. The Cisco Extended Ping can be used to set parameters in the Options field of the IP header. In this example, loose source routing and timestamp are used.Handy#ping Protocol [ip]: Target IP address: 172.16.113.9 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address: Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: l Source route: 172.16.113.14 172.16.113.10 Loose, Strict, Record, Timestamp, Verbose[LV]: t Number of timestamps [ 6 ]: 2 Loose, Strict, Record, Timestamp, Verbose[LTV]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.113.9, timeout is 2 seconds: Packet has IP options: Total option bytes= 23, padded length=24 Loose source route: <*> 172.16.113.14 172.16.113.10 Timestamp: Type 0. Overflows: 0 length 12, ptr 5 >>Current pointer<< Time= 0 Time= 0 Request 0 timed out Reply to request 1 (76 ms). Received packet has options Total option bytes= 24, padded length=24 Loose source route: 172.16.113.13 172.16.192.6 <*> Timestamp: Type 0. Overflows: 6 length 12, ptr 13 Time= 80FF4798 Time= 80FF4750 >>Current pointer<< End of list Request 2 timed out Reply to request 3 (76 ms). Received packet has options Total option bytes= 24, padded length=24 Loose source route: 172.16.113.13 172.16.192.6 <*> Timestamp: Type 0. Overflows: 6 length 12, ptr 13 Time= 80FF4FC0 Time= 80FF4F78 >>Current pointer<< End of list Request 4 timed out Success rate is 40 percent (2/5), round-trip min/avg/max = 76/76/76 ms Handy# Example 1-4. Extended Ping is used here to set strict source routing in the ping packets.Handy#ping Protocol [ip]: Target IP address: 172.16.113.10 Repeat count [5]: 2 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address: Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: s Source route: 172.16.192.6 172.16.113.17 172.16.113.10 Loose, Strict, Record, Timestamp, Verbose[SV]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 2, 100-byte ICMP Echos to 172.16.113.10, timeout is 2 seconds: Packet has IP options: Total option bytes= 15, padded length=16 Strict source route: <*> 172.16.192.6 172.16.113.17 172.16.113.10 Reply to request 0 (80 ms). Received packet has options Total option bytes= 16, padded length=16 Strict source route: 172.16.113.10 172.16.113.17 172.16.192.6 <*> End of list Reply to request 1 (76 ms). Received packet has options Total option bytes= 16, padded length=16 Strict source route: 172.16.113.10 172.16.113.17 172.16.192.6 <*> End of list Success rate is 100 percent (2/2), round-trip min/avg/max = 76/78/80 ms Handy# Padding ensures that the header ends on a 32-bit boundary by adding zeros after the option field until a multiple of 32 is reached. A protocol analyzer capture of an IP header is shown in Example 1-5. Compare the information shown with Figure 1-2. Example 1-5. You can see the fields of an IP packet's header and the values contained in each field in this protocol analyzer display.Internet Protocol, Src Addr: 172.16.1.102 (172.16.1.102), Dst Addr: 224.0.0.5 (224.0.0.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00) Total Length: 64 Identification: 0x6e61 (28257) Flags: 0x00 Fragment offset: 0 Time to live: 1 Protocol: OSPF IGP (0x59) Header checksum: 0xbcc8 (correct) Source: 172.16.1.102 (172.16.1.102) Destination: 224.0.0.5 (224.0.0.5) |