Internet Protocol (IP)

The IP protocol provides a hierarchical, hardware-independent addressing system and offers the services necessary for delivering data on a complex, routed network. Each network adapter on a TCP/IP network has a unique IP address.

IP addresses on the network are organized so that you can tell the location of the host—the network or subnet where the host resides—by looking at the address (see Figure 4.2). In other words, part of the address is a little like a ZIP Code (describing a general location), and part of the address is a little like the street address (describing an exact location within that general area).

It is easy for a person to look at Figure 4.2 and say, "Every address that starts with 192.132.134 must be in Building C." A computer, though, requires a bit more hand-holding. The IP address is therefore divided into two parts:

• The network ID

• The host ID

The owners of a network can also impose an additional hierarchical level by assigning a subnet ID. You'll learn more about subnets and subnet IDs in Hour 5, "Subnetting."

As you'll learn later in this hour, the IP module of the protocol software can determine from the address itself what part of the address is the network ID and what part is the host ID.

IP Header Fields

Every IP datagram begins with an IP header. The TCP/IP software on the source computer constructs the IP header. The TCP/IP software at the destination uses the information enclosed in the IP header to process the datagram. The IP header contains a great deal of information, including the IP addresses of the source and destination computers, the length of the datagram, the IP version number, and special instructions to routers.

The minimum size for an IP header is 20 bytes. Figure 4.3 shows the contents on the IP header.

The header fields in Figure 4.3 are as follows:

• Version— This 4-bit field indicates which version of IP is being used. The current version of IP is 4. The binary pattern for 4 is 0100.

• IHL (Internet Header Length)— This 4-bit field gives length of the IP header in 32-bit words. The minimum header length is five 32-bit words. The binary pattern for 5 is 0101.

• Type of Service— The source IP can designate special routing information. Some routers ignore the Type of Service field, although this field recently has received more attention with the emergence of Quality of Service (QoS) technologies. The primary purpose of this 8-bit field is to provide a means of prioritizing datagrams that are waiting to pass through a router. Most implementations of IP today simply put all zeros in this field.

• Total Length— This 16-bit field identifies the length, in octets, of the IP datagram. This length includes the IP header and the data payload.

• Identification— This 16-bit field is an incrementing sequence number assigned to messages sent by the source IP. When a message is sent to the IP layer and it is too large to fit in one datagram, IP fragments the message into multiple datagrams, giving all datagrams the same identification number. This number is used on the receiving end to reassemble the original message.

• Flags— The Flags field indicates fragmentation possibilities. The first bit is unused and should always have a value of zero. The next bit is called the DF (Don't Fragment) flag. The DF flag signifies whether fragmentation is allowed (value = 0) or not (value = 1), The next bit is the MF (More Fragments) flag, which tells the receiver that more fragments are on the way. When MF is set to 0, no more fragments need to be sent or the datagram never was fragmented.

• Fragment Offset— This 13-bit field is a numeric value assigned to each successive fragment. IP at the destination uses the fragment offset to reassemble the fragments into the proper order. The offset value found here expresses the offset as a number of 8-byte units.

• Time to Live— This bit field indicates the amount of time in seconds or router hops that the datagram can survive before being discarded. Every router examines and decrements this field by at least 1, or by the number of seconds the datagram is delayed inside the router. The datagram is discarded when this field reaches zero.

A hop or a router hop correlates to a router that a datagram travels through on its way to its destination. If a datagram passes through five routers before arriving at its destination, the destination is said to be five hops, or five router hops, away.

• Protocol— The 8-bit Protocol field indicates the protocol that will receive the data payload. A datagram with the protocol identifier 6 (binary 00000110) is passed up the stack to the TCP module, for example. The following are some common protocol values:

  Protocol Name	Protocol Identifier
  ICMP	1
  TCP	6
  UDP	17

• Header Checksum— This field holds a 16-bit calculated value to verify the validity of the header only. This field is recomputed in every router as the TTL field decrements.

• Source IP Address— This 32-bit field holds the address of the source of the datagram.

• Destination IP Address— This 32-bit field holds the destination address of the datagram and is used by the destination IP to verify correct delivery.

• IP Options— This field supports a number of optional header settings primarily used for testing, debugging, and security. Options include Strict Source Route (a specific path router path that the datagram should follow), Internet Timestamp (a record of timestamps at each router), and security restrictions.

• Padding— The IP Options field may vary in length. The Padding field provides additional zero bits so that the total header length is an exact multiple of 32 bits. (The header must end after a 32-bit word because the IHL field measures the header length in 32-bit words.)

• IP Data Payload— This field typically contains data destined for delivery to TCP or UDP (in the Transport layer), ICMP, or IGMP. The amount of data is variable but could include thousands of bytes.

IP Addressing

An IP address is a 32-bit binary address. This 32-bit address is subdivided into four 8-bit segments called octets. Humans do not work well with 32-bit binary addresses or even 8-bit binary octets, so the IP address is almost always expressed in what is called dotted decimal format. In dotted decimal format, each octet is given as an equivalent decimal number. The four decimal values (4 x 8 = 32 bits) are then separated with periods. Eight binary bits can represent any whole number from 0 to 255, so the segments of a dotted decimal address are decimal numbers from 0 to 255. You have probably seen examples of dotted decimal IP addresses on your computer, in this book, or in other TCP/IP documents. A dotted decimal IP address looks like this: 209.121.131.14.

Part of the IP address is used for the network ID, and part of the address is used for the host ID. One complication is that the portion of the address allotted to the network ID varies, depending on the address. Most IP addresses fall into the following address classes:

• Class A addresses— The first 8 bits of the IP address are used for the network ID. The final 24 bits are used for the host ID.

• Class B addresses— The first 16 bits of the IP address are used for the network ID. The final 16 bits are used for the host ID.

• Class C addresses— The first 24 bits of the IP address are used for the network ID. The final 8 bits are used for the host ID.

More bits lead to more bit combinations. As you might guess, the Class A format provides a small number of possible network IDs and a huge number of possible host IDs for each network. A Class A network can support approximately 2²⁴, or 16,777,216 hosts. A Class C network, on the other hand, can provide host IDs for only a small number of hosts (approximately 2⁸, or 256), but many more combinations of network IDs are available in the Class C format.

You might be wondering how a computer or router knows whether to interpret an IP address as a Class A, Class B, or Class C address. The designers of TCP/IP wrote the address rules such that the class of an address is obvious from the address itself. The first few bits of the binary address specify whether the address should be interpreted as a Class A, Class B, or Class C address (see Table 4.1). The rules for interpreting addresses are as follows:

• If the 32-bit binary address starts with a 0 bit, the address is a Class A address.

• If the 32-bit binary address starts with the bits 10, the address is a Class B address.

• If the 32-bit binary address starts with the bits 110, the address is a Class C address.

This scheme (thankfully) is easy to convert to dotted decimal notation because these rules have the effect of limiting the range of values for the first term in the dotted decimal address. For instance, because a Class A address must have a 0 bit in the leftmost place of the first octet, the first term in a Class A dotted decimal address cannot be higher than 127. You'll learn more about converting binary numbers to decimal later in this hour. For purposes of this discussion, Table 4.1 shows the address ranges for Class A, B, and C networks. Note that some address ranges are listed as excluded addresses. Certain IP address ranges are not assigned to networks because they are reserved for special uses. You'll learn more about special IP addresses later in this hour.

Table 4.1. Address Ranges for Class A, B, and C Networks

Address Class	Binary Address Must Begin with	First Term of Dotted Decimal Address Must Be	Excluded Addresses
A	0	0 to 127	10.0.0.0 to 10.255.255.255 127.0.0.0 to 127.255.255.255
B	10	128 to 191	172.16.0.0 to 172.31.255.255
C	110	192 to 223	192.168.0.0 to 192.168.255.255

The owner of a network can divide the network into smaller subnetworks called subnets. Subnetting essentially borrows some of the bits of the host ID to create additional networks within the network. As you can probably guess, Class A and B networks, with their large host ID address spaces, make extensive use of subnetting. Subnetting is also used on Class C networks. You'll learn more about subnetting in Hour 5.

Converting a 32-Bit Binary Address to Dotted Decimal Format

Binary (base 2) numbers are similar to decimal (base 10) numbers except that the place values are multiples of 2 instead of multiples of 10. As Figure 4.4 shows, a decimal whole number begins with the ones place on the right, and each successive value to the left is a higher multiple of 10. A value of a decimal number is just the sum of the values for each decimal place. For instance, (as shown) the value of the decimal number 126,325 is determined as follows: (1 x 100,000) + (2 x 10,000) + (6 x 1000) + (3 x 100) + (2 x 10) + (5 x 1) = 126,325.

A binary whole number also starts with the ones place on the right. Each successive value to the left is a higher multiple of 2 (see Figure 4.5).

To determine the decimal equivalent of a binary value, add the place values of any bit that holds a one. Remember that the IP address is comprised of four octets that must each be converted separately to decimal format. Following is an example showing how to convert a 32-bit binary IP address to dotted decimal format.

Convert the binary address 01011001000111011100110000011000.

If you need more practice converting a binary address to dotted decimal format, check the Workshop section at the end of this hour.

Converting a Decimal Number to a Binary Octet

The process of converting a decimal number to binary is a matter of going backward through the process shown in Figure 4.5. If you need to convert a dotted decimal address to a 32-bit binary address, convert each period-separated number in the address to a binary octet and then concatenate the octets. The following procedure shows how to convert the decimal number 207 to a binary octet.

To convert the decimal number 207 to a binary octet, follow these steps:

You have now converted the decimal number 207 to its binary equivalent 11001111.

Classes D and E

As you learned earlier in this hour, the IP specifications also provide for Class D and Class E addresses.

Most TCP/IP communication is either host-to-host (sent from one source computer to one destination computer) or broadcast (sent to all computers on the segment or network). Class D addresses, on the other hand, are used for multicasting. A multicast is a single message sent to a subset of the network. The four leftmost bits of a Class D network address always start with the binary pattern 1110, which corresponds to decimal numbers 224 through 239.

The Internet RFCs specify a number of permanent multicast addresses. Multicasting is an advanced topic and is not covered in any greater depth in this book.

Class E networks are considered experimental. They are not normally used in any production environment.

The five leftmost bits of a Class E network always start with the binary pattern 11110, which corresponds to decimal numbers 240 through 247.

Special IP Addresses

A few IP addresses have special meanings and are not assigned to specific hosts. An all-zero host ID refers to the network itself. For instance, the IP address 129.152.0.0 refers to the Class B network with the network ID 129.152.

An all-ones host ID signifies a broadcast. A broadcast is a message sent to all hosts on the network. The IP address 129.152.255.255 is the broadcast address for the Class B network with the network ID 129.152. (Note that the dotted decimal term 255 corresponds to the all-ones binary octet 11111111.)

The address 255.255.255.255 can also be used for broadcast on the network.

Addresses beginning with the term 127 are loopback addresses. A message addressed to a loopback address is sent by the local TCP/IP software to itself. The loopback address is used to verify that the TCP/IP software is functioning. See the discussion of the ping utility in Hour 13, "Connectivity Utilities." The loopback address 127.0.0.1 is commonly used.

RFC 1597 also reserves some IP address ranges for private networks. The assumption is that these private address ranges are not connected to the Internet, so the addresses don't have to be unique. In today's world, these private address ranges are often used for the protected network behind network translation devices:

• 10.0.0.0 to 10.255.255.255

• 172.16.0.0 to 172.31.255.255

• 192.168.0.0 to 192.168.255.255

Because the private address ranges don't have to be synchronized with the rest of the world, the complete address range is available for any network. A network administrator using these private addresses has more room for subnetting, and many more assignable addresses. See Hour 9 for more on network translation devices.