Protocols operating at different layers of the OSI reference model use different names for the protocol data units (PDUs) they create. Network layer protocols create datagrams, for example, whereas data-link layer protocols create frames . The term packet is generic and can refer to the PDU created by any protocol.

During the transportation process, various systems might encapsulate the datagram in different data-link layer protocol headers, but the datagram itself remains intact. The process is similar to the delivery of a letter by the post office, with IP functioning as the envelope. The letter might be placed into different mailbags and transported by various trucks and planes during the course of its journey, but the envelope remains sealed. Only the addressee is permitted to open it and make use of the contents.

The IP Standard

The TCP/IP protocols are defined in documents called Requests for Comments (RFCs), which are published by a body called the Internet Engineering Task Force (IETF). Unlike most networking standards, TCP/IP specifications are released to the public domain and are freely available on the Internet at many different sites, including the IETF's home page (www.ietf.org). The IP specification was published as RFC 791 in September 1981 and was later ratified as Internet Standard 5.

IP Functions

IP performs several functions that are essential to the internetworking process, including the following:

• Encapsulation.   The packaging of the transport layer data into a datagram
• Addressing.   The identification of systems in the network using IP addresses
• Routing.   The identification of the most efficient path to the destination system through the internetwork
• Fragmentation.   The division of data into fragments of an appropriate size for transmission over the network
• Protocol identification.   The specification of the transport layer protocol that generated the data in the datagram

These functions are discussed in the following sections.

IP Encapsulation

The header that IP applies to the data it receives from the transport layer protocol is typically 20 bytes long. The datagram format is shown in Figure 6.2.

Figure 6.2   The IP datagram format

The datagram fields perform the following functions:

• Version (4 bits).   This field specifies the version of the IP protocol used to create the datagram. The version in current use is 4, but IP version 6 is currently in development.
• Internet Header Length (IHL, 4 bits).   This field specifies the length of the datagram's header, in 32-bit (4-byte) words. The typical length of a datagram header is five words (20 bytes), but if the datagram includes additional options, it can be longer, which is the reason for having this field.
• Type Of Service (1 byte).   This field contains a code that specifies the service priority for the datagram. This is a rarely used feature that enables a system to assign a priority to a datagram that routers observe while forwarding it through an internetwork. The values provide a trade-off among delay, throughput, and reliability.
• Total Length (2 bytes).   This field specifies the length of the datagram, including that of the Data field and all of the header fields, in bytes.
• Identification (2 bytes).   This field contains a value that uniquely identifies the datagram. The destination system uses this value to reassemble datagrams that have been fragmented during transmission.
• Flags (3 bits).   This field contains bits used to regulate the datagram fragmentation process.
• Fragment Offset (13 bits).   When a datagram is fragmented, the system inserts a value in this field that identifies this fragment's place in the datagram.
• Time To Live (TTL, 1 byte).   This field specifies the number of networks that the datagram should be permitted to travel through on the way to its destination. Each router that forwards the datagram reduces the value of this field by one. If the value reaches zero, the datagram is discarded.
• Protocol (1 byte).   This field contains a code that identifies the protocol that generated the information found in the Data field.
• Header Checksum (2 bytes).   This field contains a checksum value computed on the IP header fields only (and not the contents of the Data field) for the purpose of error detection.
• Source IP Address (4 bytes).   This field specifies the IP address of the system that generated the datagram.
• Destination IP Address (4 bytes).   This field specifies the IP address of the system for which the datagram is destined.
• Options (variable).   This field is present only when the datagram contains one or more of the 16 available IP options. The size and content of the field depends on the number and the nature of the options.
• Data (variable).   This field contains the information generated by the protocol specified in the Protocol field. The size of the field depends on the data-link layer protocol used by the network over which the system will transmit the datagram.

IP Addressing

The IP protocol is unique among network layer protocols because it has its own self-contained addressing system that it uses to identify computers on an internetwork of almost any size. Other network layer protocols (such as IPX) use the hardware addresses coded into network interface adapters to identify computers on a LAN, with a separate address for the network, whereas NetBEUI assigns a name to each computer on the LAN and has no network address. IP addresses are 32 bits long and contain both a network identifier and a host identifier. In TCP/IP parlance, the term host refers to a network interface adapter found in a computer or other device. In most cases, each computer on a network has one IP address, but it is actually the network interface adapter ( generally a network interface card [NIC]) that the address represents. A computer with two adapters (such as a router) or one adapter and a modem connection to a network will actually have two IP addresses, one for each interface.

For more information about the structure of IP addresses, see Lesson 2: IP Addressing, in Chapter 8, "TCP/IP Fundamentals."

The IP addresses that a computer inserts into the Source IP Address and Destination IP Address fields of the IP header identify, respectively, the computer that created the packet and the one that will eventually receive it. If the packet is intended for a computer on the local network, the Destination IP Address refers to the same computer as the Destination Address in the data-link protocol header. However, if the packet's destination is a computer on another network, the Destination IP Address refers to a different computer because IP is an end-to-end protocol that deals with the entire journey of the data to its ultimate destination, not just a single network hop, as is the case with the data-link layer protocol.

Data-link layer protocols cannot work with IP addresses, however, so to actually transmit the datagram, IP has to supply the data-link layer protocol with the hardware address of a system on the local network. To do this, IP uses another TCP/IP protocol, called Address Resolution Protocol (ARP). ARP works by generating broadcast messages that contain an IP address on the local network. The system using that IP address must respond to the broadcast, and the reply message contains the system's hardware address. If the datagram's destination system is on the local network, the IP protocol generates an ARP message containing the IP address of that system. If the destination system is located on another network, IP generates an ARP message containing the address of a router on the local network. Once it has received the ARP reply, the IP protocol on the original system can pass the datagram down to the data-link layer protocol and provide it with the hardware address it needs to build the frame.

IP Routing

Routing is the most important and the most complex function of the IP protocol. When a TCP/IP system has to transmit data to a computer on another network, the packets must travel through the routers that connect the networks together. As explained in Chapter 1, "Networking Basics," the source and final destination computers in a case like this are called end systems and the routers are called intermediate systems (see Figure 6.3). When the packets pass through an intermediate system, they only travel up through the protocol stack as high as the network layer, where IP is responsible for deciding where to send the packet next . If the router is connected to the network where the destination system is located, it can transmit the packet there, and the packet's journey is over. If the destination system is located on another network, the router sends the packet to another router, which brings the packet one hop closer to its destination. Depending on the complexity of the internetwork, a packet might pass through dozens of routers on the way to its destination.

Intermediate systems use their own internal routing tables to determine where to send each packet they receive, and it is the compiling of the routing tables that is the most complicated part of the routing process. For more information about routing tables and the other complexities of IP routing, see Chapter 9, "TCP/IP Routing."

Figure 6.3   Packets can travel through multiple intermediate systems to reach an end system

Because packets only reach as high as the network layer in an intermediate system, the datagrams are not opened and used. The router strips off the data-link layer frame and later builds a new one, but the datagram "envelope" remains sealed until it reaches its destination. However, each intermediate system does make some changes to the IP header. The most important of these is the TTL field, which is set with a predetermined value by the computer that generates the packet. Each router, as it processes the packet, reduces this value by one. If the TTL value reaches zero, the router discards the packet. This mechanism prevents packets from circulating endlessly around an internetwork in the event of a routing problem.

When a router discards a packet with a TTL value of zero, it generates an error message called a Time To Live Exceeded In Transit message using the Internet Control Message Protocol (ICMP) and sends it to the system where the packet originated. This informs the system that the packet has not reached its destination. There is a utility program called Traceroute included with most TCP/IP implementations that uses the TTL field to display a list of the routers that packets are using to reach a particular destination. By generating a series of packets with successively larger TTL values, each router in turn generates an ICMP error message identifying the router that discarded the packet. Traceroute assembles the router addresses from the error messages and displays the entire route to the destination. For more information about Traceroute, see Lesson 2: TCP/IP Utilities, in Chapter 10, "TCP/IP Applications."

IP Fragmentation

Routers can connect networks that use different media types and different data-link layer protocols, but to forward packets from one network to another, routers must often repackage the datagrams into different data-link layer frames. In some cases, this is simply a matter of stripping off the old frame and adding a new one, but at other times the data-link layer protocols are different enough to require more extensive repackaging. For example, when a router connects a Token Ring network to an Ethernet network, datagrams arriving from the Token Ring network can be up to 4500 bytes long, whereas the datagrams in Ethernet packets can only be as large as 1500 bytes.

To overcome this problem, the router splits the datagram arriving from the Token Ring network into multiple fragments, as shown in Figure 6.4. Each fragment has its own IP header and is transmitted in a separate data-link layer frame. The size of each fragment is based on the Maximum Transmission Unit (MTU) size for the outgoing network. If they encounter a network with an even smaller MTU, fragments can themselves be split into smaller fragments. Once fragmented, the individual parts of a datagram are not reassembled until they reach the end system, which is their final destination.

Figure 6.4   Routers can split datagrams into fragments for transmission over networks with smaller MTUs

When it fragments a datagram, IP attaches an IP header to each fragment. The Identification field in each fragment's header contains the same value as the datagram's original header, which enables the destination system to associate the fragments of a particular datagram. The router modifies the value of the Total Length fields to reflect the length of each fragment, and it also changes the value of the More Fragments bit in the Flags field from 0 to 1 in all of the fragments except the last one. The value of 1 in this bit indicates that there are more fragments coming for that datagram. The destination system uses this bit to determine when it has received all of the fragments and can begin to assemble them back into the whole datagram.

The Fragment Offset field contains a value that specifies each fragment's place in the datagram. The first fragment has a value of 0 in this field, and the value in the second fragment is the size (in bytes) of the first fragment. The third fragment's offset value is the size of the first two fragments, and so forth. The destination system uses these values to reassemble the fragments in the proper order. Another bit in the Flags field, called the Don't Fragment bit, instructs routers to discard a datagram rather than fragment it. The router returns an ICMP error message to the source system when it discards a packet for this reason.

Run the IPFragmentation video located in the Demos folder on the CD-ROM accompanying this book for a demonstration of the fragmentation process.

Protocol Identification

For the destination system to process the incoming datagram properly, it must know which protocol generated the information carried in the Data field. The Protocol field in the IP header provides this information, using codes that are defined in RFC 1700, "Assigned Numbers," which contains lists of the many codes used by the TCP/IP protocols. Assigned Numbers contains dozens of protocol codes, most of which are for obsolete or seldom-used protocols. The most commonly used values for the Protocol field are as follows :

• 0   IP
• 1   ICMP
• 3   Gateway-to-Gateway Protocol (GGP)
• 6   TCP
• 8   Exterior Gateway Protocol (EGP)
• 17 UDP

Every TCP/IP system has a text file called PROTOCOL that also contains a partial list of the protocol codes expected to be recognized or used by that system. Should you need to look up a protocol code, you may find it easier to look at this file than to find a copy of the "Assigned Numbers" RFC.

The protocols that you most expect to see in the list are TCP and UDP, which are the transport layer protocols that account for much of the IP traffic on a TCP/IP network. However, IP also carries other types of information in its datagrams, including ICMP messages, which notify systems of errors and other network conditions, and messages generated by routing protocols like GGP and EGP, which TCP/IP systems use to automatically update their routing tables.

IP Options

IP options are additional header fields that enable datagrams to carry extra information and, in some cases, accumulate information as they travel through an internetwork on the way to their destinations. Some of the options defined in the IP standard are as follows:

• Loose Source Route.   This option contains a list of router addresses that the datagram must use as it travels through the internetwork. The datagram can use other routers in addition to those listed.
• Strict Source Route.   This option contains a complete list of the router addresses that the datagram must use as it travels through the internetwork. The datagram cannot use any routers other than those listed.
• Record Route.   This option provides an area in which routers can add their IP addresses when they process the datagram.
• Timestamp.   This option provides an area in which routers can add timestamps indicating when they processed the datagram. The source system can supply a list of router addresses that are to add timestamps, or the routers can be allowed to add their own IP addresses along with the timestamps.

Exercise 1: IP Functions

Match the IP functions in the left column with the descriptions in the right column.