2.3 Network-Layer Protocols: IP, ICMP, and ARP

2.3.1 Internet Protocol

The Internet Protocol (IP) is defined in RFC 791. RFC 791 provides the detailed specification of the protocol, which provides the guidelines for implementations . IP hides the underlying physical network and creates a virtual network view. This concept enables different types of physical networks to be viewed as an IP network as long as they have IP as their network layer. IP runs over virtually all types of physical media today. This simple and elegant concept has been the cause for the expansive growth of the Internet. IP is an unreliable, best-effort, and connectionless packet delivery protocol. "Best-effort" means that if something goes wrong and the packet gets lost, corrupted, misdelivered, or in any way fails to reach its intended destination, the network does nothing. It does not make any attempt to rectify the error. The Internet Protocol provides for transmitting blocks of data, called datagrams, from sources to destinations, where sources and destinations are hosts identified by fixed-length addresses. The Internet Protocol also provides for fragmentation and reassembly of long datagrams, if necessary, for transmission through "small packet" networks. IP provides two basic functions in addition to the primary task of moving datagrams through an interconnected set of networks:

• Addressing

• Fragmentation

Addressing enables packets to be routed to their destination, and fragmentation allows packets that contain large amounts of data to be segmented and reassembled as they traverse paths that have smaller packet size capability.

Addresses are of fixed length (in the case of IP version 4 (IPv4) it is 4 octets, and in the case of IP version 6 (IPv6) it is 16 octets). The model of operation is that an Internet module resides in each host engaged in Internet communication and in each gateway that interconnects networks. These modules share common rules for interpreting address fields and for fragmenting and assembling Internet datagrams. In addition, these modules ( especially in gateways) have procedures for making routing decisions and other functions. The Internet Protocol treats each Internet datagram as an independent entity unrelated to any other Internet datagram. There are no connections or logical circuits (virtual or otherwise ).

The IP datagram is fundamental to the Internet Protocol. Every datagram carries sufficient information that allows the network to forward the packet to its correct destination. Like most packets, the IP datagram consists of a header followed by a number of bytes of data. The format of the IPv4 and IPv6 headers is shown in Figure 2-4.

The Version field specifies the version of IP. In the case of IPv4 it is 4, and in the case of IPv6 it is 6.

Hlen specifies the length of the header. IPv6 has a fixed-length header; hence Hlen is not required. Type of Service or TOS allows the packets to be treated differently based on application needs. The TOS field is now called as the DS (Diffserv) field. The Class field was the replacement for the TOS field in IPv6, and the Class field is also now referred to as the DS field (RFC 2474). The Length field specifies the length of the datagram, including the header. The payload length is the equivalent in IPv6, and it does not include the header. Flow label in IPv6 is used to label packets requesting special handling by routers. The Identification field is used in fragmentation and assembly of packets. The flags indicate whether a packet is a part of a fragment and also indicate whether intermediate routers can fragment or not. In IPv6, fragmentation is done only at the endpoints, and intermediate routers do not perform fragmentation. IPv6 simplified the IP header by defining a set of extension headers. The Next Header field in the IPv6 header is used to indicate the type of next header following the IP header. Time to Live and the Hop Limit fields are used to determine how many hops a packet will survive in the Internet before it is dropped. The current value is 64, and each router along the way decrements the value by 1. The Protocol field is a demultiplexing key that identifies the higher-layer protocol. A Checksum of the IP header is calculated by considering the entire IP header. The source address and destination address allow a packet to be routed to/from hosts across the Internet. Further details of addressing are covered in Section 2.6.

2.3.2 Internet Control Message Protocol

Internet Control Message Protocol (ICMP) is described in RFC 792. ICMP is an integral part of IP and must be implemented in every IP node. ICMP uses IP as if it were a higher-layer protocol. ICMP messages are sent in several situations: for example, when a datagram cannot reach its destination, when the router does not have the buffering capacity to forward a datagram, and when the router can direct the host to send traffic on a shorter route. The Internet Protocol is not designed to be absolutely reliable. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable. There are still no guarantees that a datagram will be delivered or a control message will be returned. Some datagrams may still be undelivered without any report of their loss. The ICMP messages typically report errors in the processing of datagrams. To avoid the infinite regress of messages about messages, no ICMP messages are sent about ICMP messages. Also, ICMP messages are only sent about errors in handling fragment zero of fragemented datagrams.

There are two simple and widely used applications that are based on ICMP: Ping and Traceroute. Ping uses the ICMP Echo and Echo Reply messages to determine whether a host is reachable . Traceroute sends IP datagrams with low Time to live (TTL) values so that they expire en route to a destination. It uses the resulting ICMP Time Exceeded messages to determine where in the Internet the datagrams expired and pieces together a view of the route to a host.

2.3.3 Address Resolution Protocol

The Address Resolution Protocol (ARP) is responsible for converting the higher-level protocol addresses (IP addresses) to physical network addresses. It is described in RFC 826. The goal is to enable each host on a network to build up a table of mappings between IP addresses and link-layer addresses. On a single physical network, individual hosts are known on the network by their physical hardware address. Higher-level protocols address destination hosts in the form of a symbolic address (IP address in this case). When such a protocol wants to send a datagram to destination IP address wxyz, the device driver does not understand this address. Therefore, a module (ARP) is provided that will translate the IP address to the physical address of the destination host. It uses a lookup table (sometimes referred to as the ARP cache) to perform this translation. When the address is not found in the ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. If one of the machines on the network recognizes its own IP address in the request, it will send an ARP reply back to the requesting host. The reply will contain the physical hardware address of the host and source route information (if the packet has crossed bridges on its path ). Both this address and the source route information are stored in the ARP cache of the requesting host. All subsequent datagrams to this destination IP address can now be translated to a physical address, which is used by the device driver to send out the datagram on the network.

ARP is applicable to IPv4 only. IPv6 has developed a concept called as Neighbor Discovery, which is a replacement for ARP. Neighbor Discovery has the same functionality as ARP in IPv6. IPv6 nodes on the same link use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors.