What does the IP protocol provide? IP addresses used in local networks


IPv4 addresses (Internet Protocol version 4) are the main type of address used at the network layer of the OSI model to transfer packets between networks. An IPv4 address consists of four bytes, for example 192.168.100.111.

Assignment of IP addresses to hosts is carried out:

  • manually, by the system administrator when setting up the computer network;
  • automatically, using special protocols (in particular DHCP, the Dynamic Host Configuration Protocol).

The IPv4 protocol was developed in September 1981.

The IPv4 protocol operates at the internetwork (network) layer of the TCP/IP protocol stack. The main task of the protocol is to transfer blocks of data (datagrams) from the sending host to the destination host, where senders and recipients are computers uniquely identified by fixed-length addresses (IP addresses). If necessary, the IP protocol also performs fragmentation and reassembly of the datagrams it sends, so that they can be carried through networks with smaller packet sizes.

The drawback of the IP protocol is its unreliability: no connection is established before transmission begins, delivery of packets is not confirmed, the correctness of the received data is not checked (by a checksum over the data), and no acknowledgment takes place (no exchange of service messages with the destination node about its readiness to receive packets).

The IP protocol sends and processes each datagram as an independent piece of data, that is, without any relation to other datagrams on the global Internet.

After a datagram has been sent to the network via IP, the sender has no further control over it. If for some reason a datagram cannot be forwarded further over the network, it is destroyed, although the node that destroyed it may report the reason for the failure to the sender at the return address (in particular, via the ICMP protocol). Guaranteed delivery is left to higher-level (transport layer) protocols, which have special mechanisms for this (the TCP protocol).

As is known, routers operate at the network layer of the OSI model. Therefore one of the main tasks of the IP protocol is datagram routing, that is, determining the optimal path for datagrams (using routing algorithms) from the sending node to any other node of the network on the basis of the IP address.

On any network node, the processing of a datagram received from the network looks like this:

IP Header Format

The structure of an IPv4 packet is shown in the figure.

  • Version - for IPv4 the value of this field must be 4.
  • IHL (Internet Header Length) - the length of the IP packet header in 32-bit words (dwords). This field is what indicates where the data block begins in the packet. The minimum valid value of this field is 5.
  • Type of Service (TOS) - a byte containing a set of criteria that define the type of service for the IP packet, shown in the figure.

Description of the service byte bit by bit:

    • 0-2 - precedence (priority) of this IP segment;
    • 3 - delay requirement for transmission of the IP segment (0 - normal, 1 - low delay);
    • 4 - throughput requirement for the route along which the IP segment should be sent (0 - low, 1 - high throughput);
    • 5 - reliability requirement for transmission of the IP segment (0 - normal, 1 - high reliability);
    • 6-7 - ECN (Explicit Congestion Notification), used for IP flow control.
  • Packet Length - the length of the packet in octets, including the header and data. The minimum valid value of this field is 20, the maximum is 65535.
  • Identifier - a value assigned by the sender of the packet, intended to determine the correct sequence of fragments when reassembling the packet. All fragments of one fragmented packet have the same identifier.
  • 3 flag bits. The first bit must always be zero, the second bit DF (don't fragment) determines whether the packet may be fragmented, and the third bit MF (more fragments) indicates whether this packet is the last in a chain of fragments.
  • Fragment offset - a value that determines the position of the fragment in the data stream. The offset is given in eight-byte blocks, so this value must be multiplied by 8 to convert it to bytes.
  • Time to Live (TTL) - the maximum number of routers this packet may pass through. Each router it passes decrements this number by one. If the value of this field reaches zero, the packet MUST be discarded and a Time Exceeded message (ICMP type 11, code 0) may be sent to the sender of the packet.
  • Protocol - the identifier of the next-layer Internet protocol; indicates which protocol's data the packet carries, such as TCP or ICMP.
  • Header checksum - calculated according to RFC 1071.

An IPv4 packet captured with the Wireshark sniffer:

IP packet fragmentation

On the path of a packet from the sender to the recipient there may be local and global networks of different types with different permissible sizes of the data field of link-layer frames (Maximum Transfer Unit, MTU). Thus, Ethernet networks can carry frames with up to 1500 bytes of data; X.25 networks have a frame data field of 128 bytes; FDDI networks can carry frames of 4500 bytes; other networks have their own limits. The IP protocol is able to transmit datagrams longer than the MTU of an intermediate network thanks to fragmentation: splitting a "big packet" into a number of parts (fragments), each of which fits the intermediate network. After all the fragments have passed through the intermediate network, the IP module at the recipient node reassembles them into the "big packet". Note that the packet is reassembled from fragments only by the recipient, not by any of the intermediate routers. Routers can only fragment packets, not reassemble them, because different fragments of the same packet will not necessarily pass through the same routers.

So that fragments of different packets are not confused, the Identification field is used: its value must be the same for all fragments of one packet and must not be repeated for different packets until the lifetime of both packets has expired. When the packet data is divided, the size of every fragment except the last must be a multiple of 8 bytes. This allows less space to be allocated in the header to the Fragment offset field.

The More fragments bit, if set to one, indicates that this fragment is not the last one of the packet. If the packet is sent without fragmentation, the "More fragments" flag is set to 0 and the Fragment Offset field is filled with zero bits.

If the Don't fragment bit of the Flags field is set to one, fragmentation of the packet is prohibited. If such a packet has to be sent over a network with an insufficient MTU, the router is forced to discard it (and report this to the sender via ICMP). This flag is used when the sender knows that the recipient does not have enough resources to reconstruct packets from fragments.

Every IP address can be divided into two logical parts: the network number and the node (host) number. Which part of the IP address is the network number and which part is the host number is determined by the values of the first bits of the address. The first bits of an IP address also determine which class the address belongs to.

The figure shows the structure of the IP address of different classes.

If the address starts with 0, the network is class A: the network number occupies one byte and the remaining 3 bytes are interpreted as the node number within the network. Class A networks have numbers from 1 to 126 (number 0 is not used, and number 127 is reserved for special purposes, as discussed below). There are few class A networks, but the number of nodes in each can reach 2^24, that is 16,777,216 nodes.

If the first two bits of the address are 10, the network is class B. In class B networks, 16 bits, that is 2 bytes, are allocated for the network number and 16 bits for the node number. A class B network is thus a medium-sized network with a maximum of 2^16, that is 65,536, nodes.

If the address begins with the sequence 110, it is a class C network. In this case 24 bits are allocated for the network number and 8 bits for the node number. Networks of this class are the most common; the number of nodes in them is limited to 2^8, that is 256 nodes.

If the address begins with the sequence 1110, it is a class D address and denotes a special, multicast address. If a packet carries a class D address as its destination address, it must be received by all nodes to which this address is assigned.

If the address begins with the sequence 11110, the address belongs to class E. Addresses of this class are reserved for future use.

The table shows the ranges of network numbers and the maximum number of nodes corresponding to each network class.

Large networks receive class A addresses, medium-sized networks receive class B addresses, and small networks receive class C addresses.

Using masks in IP addressing

To obtain a range of IP addresses, an enterprise was asked to fill out a registration form listing the current number of computers and the planned growth in that number, and as a result the company was granted a class of IP addresses, A, B or C, depending on the data given in the form.

This mechanism for issuing IP address ranges worked well at first, because organizations initially had few computers and, accordingly, small networks. With the subsequent rapid growth of the Internet and network technologies, however, the described approach to distributing IP addresses began to fail, mainly with respect to class "B" networks. Organizations whose number of computers did not exceed a few hundred (say, 500) had to register an entire class "B" network for themselves (since a class "C" network holds only 254 computers, while a class "B" network holds 65534). As a result, available class "B" networks simply ran out, while at the same time large ranges of IP addresses were wasted.

The traditional scheme of dividing an IP address into a network number (NetID) and a host number (HostID) is based on the concept of a class, which is determined by the values of the first few bits of the address. It is precisely because the first byte of the address 185.23.44.206 falls in the range 128-191 that we can say this address belongs to class B, which means the network number is the first two bytes padded with two zero bytes, 185.23.0.0, and the node number is 0.0.44.206.

What if some other criterion were used that could set the boundary between the network number and the node number more flexibly? Masks are now widely used as such a criterion.

A mask is a number used together with an IP address; the binary representation of the mask contains ones in the bit positions that should be interpreted as the network number in the IP address. Since the network number is a contiguous part of the address, the ones in the mask must also form a contiguous sequence.

For standard network classes, masks have the following meanings:

  • class A - 11111111.00000000.00000000.00000000 (255.0.0.0);
  • class B - 11111111.11111111.00000000.00000000 (255.255.0.0);
  • class C - 11111111.11111111.11111111.00000000 (255.255.255.0).

By providing each IP address with a mask, you can abandon the concept of address classes and make the addressing system more flexible. For example, if the address 185.23.44.206 discussed above is associated with a mask 255.255.255.0, then the network number will be 185.23.44.0, and not 185.23.0.0, as defined by the class system.

Calculation of network number and node number using mask:

In masks, the number of ones in the sequence that defines the boundary of the network number does not have to be a multiple of 8 in order to repeat the division of the address into bytes. Let, for example, for the IP address 129.64.134.5 the mask 255.255.128.0 is specified, that is, in binary form:

  • IP address 129.64.134.5 - 10000001.01000000.10000110.00000101
  • Mask 255.255.128.0 - 11111111.11111111.10000000.00000000

If you ignore the mask, then, in accordance with the class system, the address 129.64.134.5 belongs to class B, which means that the network number is the first 2 bytes - 129.64.0.0, and the node number is 0.0.134.5.

If the mask is used to determine the boundary of the network number, then the 17 consecutive ones in the mask, "superimposed" (by logical AND) on the IP address, select the following bits as the network number in binary form:

or in decimal notation - the network number is 129.64.128.0, and the node number is 0.0.6.5.

There is also a short version of mask notation called prefix or a short mask. In particular, the network 80.255.147.32 with a mask of 255.255.255.252 can be written as 80.255.147.32/30, where “/30” indicates the number of binary units in the mask, that is, thirty binary units (counted from left to right).
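The following Python block is an added example (not code from the original page) that implements the address-class rules and the mask calculation from the preceding paragraphs: it classifies an address by its leading bits, splits it into network and host numbers either by class or by logical AND with a given mask, converts between a mask and its prefix length, and rejects a mask whose ones are not contiguous. The function and variable names are this example's own; the addresses are the ones worked through in the text.

```python
from ipaddress import IPv4Address

# default masks of the classful scheme
CLASS_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(addr: str) -> str:
    """Class A..E from the leading bits of the first byte."""
    first = int(IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def mask_to_prefix(mask: str) -> int:
    """Number of ones in the mask; raises if the ones are not a contiguous leading run."""
    m = int(IPv4Address(mask))
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def prefix_to_mask(prefix: int) -> str:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return str(IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))


def to_binary(addr: str) -> str:
    """Dotted binary form, as used in the worked example on the page."""
    return ".".join(f"{b:08b}" for b in IPv4Address(addr).packed)


def split_address(addr: str, mask=None) -> dict:
    """Network and host numbers: by class when no mask is given, otherwise by AND with the mask."""
    cls = address_class(addr)
    if mask is None:
        if cls not in CLASS_MASK:
            raise ValueError(f"class {cls} address has no network/host split")
        mask = CLASS_MASK[cls]
    prefix = mask_to_prefix(mask)
    a, m = int(IPv4Address(addr)), int(IPv4Address(mask))
    network = IPv4Address(a & m)                     # logical multiplication with the mask
    host = IPv4Address(a & ~m & 0xFFFFFFFF)          # the bits the mask does not cover
    return {"class": cls, "mask": mask, "prefix": prefix,
            "network": str(network), "host": str(host), "cidr": f"{network}/{prefix}"}


if __name__ == "__main__":
    print(split_address("185.23.44.206"))                    # classful: 185.23.0.0
    print(split_address("185.23.44.206", "255.255.255.0"))   # with mask: 185.23.44.0
    r = split_address("129.64.134.5", "255.255.128.0")
    print(to_binary("129.64.134.5"), "&", to_binary(r["mask"]), "=", to_binary(r["network"]))
```

Running it reproduces the two examples from the text: the class rule gives 185.23.0.0 for 185.23.44.206, while the /24 mask gives 185.23.44.0, and the 17-bit mask yields network 129.64.128.0 with host number 0.0.6.5.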

For clarity, the table shows the correspondence between the prefix and the mask:

The mask mechanism is widely used in IP routing, and masks serve a variety of purposes. With their help an administrator can structure his network without requesting additional network numbers from the service provider. On the same basis, service providers can combine the address spaces of several networks by introducing so-called "prefixes", in order to reduce the size of routing tables and thereby improve router performance. In addition, writing a mask as a prefix is much shorter.

Special IP addresses

The IP protocol has several conventions for interpreting IP addresses differently:

  • 0.0.0.0 - represents the default gateway address, i.e. the address of the computer to which packets should be sent if no destination was found for them in the local network (routing table);
  • 255.255.255.255 - the broadcast address. Messages sent to this address are received by all nodes of the local network that contains the computer sending the message (they are not forwarded to other local networks);
  • "network number"."all zeros" - the network address (for example 192.168.10.0);
  • "all zeros"."node number" - a node in this network (for example 0.0.0.23). Can be used to send messages to a specific node within the local network;
  • If the destination node number field contains only ones, a packet with such an address is delivered to all nodes of the network with the given network number. For example, a packet addressed to 192.190.21.255 is delivered to all nodes of the network 192.190.21.0. This kind of delivery is called a broadcast message. When assigning addresses, the restrictions introduced by the special purpose of some IP addresses must be taken into account: neither the network number nor the node number may consist only of binary ones or only of binary zeros. It follows that the maximum number of nodes given in the table for networks of each class must in practice be reduced by 2. For example, in class C networks 8 bits are allocated for the node number, which allows 256 numbers, from 0 to 255; in practice, however, the maximum number of nodes in a class C network cannot exceed 254, since the numbers 0 and 255 have a special purpose. For the same reason, an end node cannot have an address such as 98.255.255.255, since the node number in this class A address consists only of binary ones.
  • An IP address whose first octet is 127 (127.x.x.x) has a special meaning. It is used for testing programs and for interaction between processes within the same machine. When a program sends data to the IP address 127.0.0.1, a "loop" is formed: the data is not transmitted over the network but is returned to the upper-level modules as if it had just been received. For this reason it is forbidden to assign addresses starting with 127 to machines on an IP network. This address is called loopback. The address 127.0.0.0 can be assigned to the routing module of an internal network node, and 127.0.0.1 to that module's address on the internal network. In fact, any address in the network 127.0.0.0 designates the node's own routing module, not only 127.0.0.1, for example 127.0.0.3.

The IP protocol does not have the concept of broadcasting in the sense in which it is used in link-layer protocols of local networks, when data must be delivered to absolutely all nodes. Both the restricted broadcast IP address and the broadcast IP address have Internet propagation limits - they are limited either to the network to which the source host of the packet belongs, or to the network whose number is specified in the destination address. Therefore, dividing the network into parts using routers localizes the broadcast storm to the boundaries of one of the parts that make up the overall network, simply because there is no way to simultaneously address the packet to all nodes of all networks of the composite network.

IP addresses used in local networks

All addresses used on the Internet must be registered, which guarantees their uniqueness on a global scale. These addresses are called real or public IP addresses.

For local networks not connected to the Internet, registration of IP addresses is naturally not required, since in principle any addresses may be used. However, to avoid conflicts if such a network is later connected to the Internet, it is recommended to use on local networks only the ranges of so-called private IP addresses presented in the table (these addresses do not exist on the Internet and cannot be used there).
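The following Python block is an added example (not code from the original page) that applies the special-address conventions listed in the previous section and the private-range rule from this one: given an address and its mask it reports whether the address is the default route, limited broadcast, loopback, a network address, a directed broadcast, a "this network" host address, or an ordinary public or private host, and it computes the usable host count with the two reserved numbers removed. The page's table of private ranges is not reproduced here; the three ranges in the block are the well-known RFC 1918 ranges. Function names and sample addresses are this example's own.

```python
from ipaddress import IPv4Address, IPv4Network

# RFC 1918 private ranges (assumption: these are the ranges the page's table lists)
PRIVATE_RANGES = [IPv4Network("10.0.0.0/8"),
                  IPv4Network("172.16.0.0/12"),
                  IPv4Network("192.168.0.0/16")]


def is_private(addr: str) -> bool:
    a = IPv4Address(addr)
    return any(a in net for net in PRIVATE_RANGES)


def interpret(addr: str, mask: str) -> str:
    """Name the special meaning of an address within the network defined by mask."""
    a = int(IPv4Address(addr))
    m = int(IPv4Address(mask))
    hostmask = ~m & 0xFFFFFFFF
    if a == 0:
        return "default route (0.0.0.0)"
    if a == 0xFFFFFFFF:
        return "limited broadcast"           # stays inside the local network
    if a >> 24 == 127:
        return "loopback"                    # never assigned to a machine
    if a & m == 0:
        return "host on this network"        # "all zeros"."node number"
    if a & hostmask == 0:
        return "network address"             # "network number"."all zeros"
    if a & hostmask == hostmask:
        return "directed broadcast"          # node number all ones
    return "private host" if is_private(addr) else "public host"


def is_assignable(addr: str, mask: str) -> bool:
    """True only for addresses a host interface may actually be given."""
    return interpret(addr, mask) in ("private host", "public host")


def usable_hosts(mask: str) -> int:
    """2^(host bits) minus the all-zeros and all-ones numbers."""
    host_bits = 32 - bin(int(IPv4Address(mask))).count("1")
    return max((1 << host_bits) - 2, 0)


if __name__ == "__main__":
    for addr, mask in [("192.168.10.0", "255.255.255.0"), ("192.190.21.255", "255.255.255.0"),
                       ("98.255.255.255", "255.0.0.0"), ("127.0.0.3", "255.0.0.0"),
                       ("0.0.0.23", "255.255.255.0"), ("192.168.100.111", "255.255.255.0")]:
        print(f"{addr:>16}/{mask:<15} -> {interpret(addr, mask)}")
    print("usable hosts in a class C network:", usable_hosts("255.255.255.0"))
```

A check like is_assignable is what a DHCP server or a configuration validator would run before handing out an address; the directed-broadcast case is the one most often missed, since 98.255.255.255 looks like an ordinary host address until the class A mask is applied.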

IP protocol

Basic Functions of the IP Protocol

The basis of the transport means of the TCP/IP protocol stack is the Internet Protocol (IP). It ensures the transmission of datagrams from the sender to recipients through a composite system of computer networks.

The name of this protocol - Internet Protocol - reflects its essence: it must transmit packets between networks. In each successive network lying on the path of the packet, the IP protocol calls the transport means accepted in this network in order to transfer this packet to the router leading to the next network, or directly to the recipient node.

The IP protocol is a connectionless protocol. IP is not tasked with reliably delivering messages from sender to recipient. The IP protocol treats each IP packet as an independent unit that has no connection with any other IP packets. The IP protocol does not have the mechanisms usually used to increase the reliability of the final data: there is no handshaking - the exchange of acknowledgments between the sender and the recipient, no ordering procedure, retransmissions or other similar functions. If any error occurs during packet forwarding, the IP protocol, on its own initiative, does nothing to correct this error. For example, if at an intermediate router a packet is discarded due to a time-to-live or checksum error, the IP module does not attempt to resend the corrupted or lost packet. All issues of ensuring the reliability of data delivery over a composite network in the TCP/IP stack are resolved by the TCP protocol, which works directly on the IP protocol. It is TCP that organizes the retransmission of packets when the need arises.

An important feature of the IP protocol that distinguishes it from other network protocols (for example, from the IPX network protocol) is its ability to perform dynamic fragmentation of packets when transmitting them between networks with different maximum permissible values of the MTU frame data field. The fragmentation capability has contributed greatly to the IP protocol's dominant position in complex composite networks.

There is a direct relationship between the functional complexity of a protocol and the header complexity of the packets that the protocol uses. This is explained by the fact that the main service data, on the basis of which the protocol performs this or that action, is transferred between two modules that implement this protocol on different machines, precisely in the fields of the packet headers. Therefore, it is very useful to study the purpose of each header field of an IP packet, and this study provides not only formal knowledge of the structure of the packet, but also explains all the main modes of operation of the protocol for processing and transmitting IP datagrams.

IP packet structure

An IP packet consists of a header and a data field. The header, usually 20 bytes long, has the following structure (Fig. 14.1).

Fig. 1. IP packet header structure

The Version Number field, occupying 4 bits, indicates the IP protocol version. Version 4 (IPv4) is now widely used, and the transition to version 6 (IPv6) is being prepared.

The Header Length (IHL) field of an IP packet is 4 bits long and specifies the header length measured in 32-bit words. Typically the header is 20 bytes long (five 32-bit words), but as the amount of overhead information grows, this length can be increased by using additional bytes in the Options (IP Options) field. The largest header is 60 octets.

The Type of Service field occupies one byte and specifies the priority of the packet and the type of route selection criterion. The first three bits of this field form the packet priority subfield (Precedence). The priority can take values from the lowest, 0 (normal packet), to the highest, 7 (control information packet). Routers and computers can take packet priority into account and process more important packets first. The Type of Service field also contains three bits that define the route selection criterion. In practice, the choice is made between three alternatives: low latency, high reliability and high throughput. A set D (delay) bit indicates that the route should be chosen to minimize delivery delay for the packet, the T bit to maximize throughput, and the R bit to maximize delivery reliability. In many networks, improving one of these parameters worsens another; in addition, handling each of them requires extra computation. Therefore it rarely makes sense to set two or more of these three route selection criteria at the same time. The reserved bits have the value zero.

The Total Length field occupies 2 bytes and gives the total length of the packet, including the header and data fields. The maximum packet length is limited by the width of this field and is 65,535 bytes, but most hosts and networks do not use such large packets. When transmitting over networks of various types, the packet length is chosen with regard to the maximum length of the lower-layer protocol packet that carries IP packets. If these are Ethernet frames, packets of at most 1500 bytes are chosen so that they fit in the data field of an Ethernet frame. The standard stipulates that all hosts must be prepared to accept packets up to 576 bytes long (whether they arrive whole or in fragments). Hosts are encouraged to send packets larger than 576 bytes only if they are confident that the receiving host or the intermediate network is prepared to handle packets of that size.

The Packet Identifier field occupies 2 bytes and is used to recognize packets formed by fragmenting an original packet. All fragments must have the same value in this field.

The Flags field occupies 3 bits and contains flags related to fragmentation. A set DF (Do not Fragment) bit prevents a router from fragmenting this packet, and a set MF (More Fragments) bit indicates that this packet is an intermediate (not the last) fragment. The remaining bit is reserved.

Field Fragment Offset occupies 13 bits and specifies the offset in bytes of the data field of this packet from the beginning of the general data field of the original fragmented packet. Used when assembling/disassembling packet fragments when transferring them between networks with different MTU values. The offset must be a multiple of 8 bytes.

Field Time to Live occupies one byte and represents the time limit during which a packet can travel across the network. The lifetime of a given packet is measured in seconds and is set by the transmission source. On routers and other network nodes, after each second, one is subtracted from the current lifetime; one is also subtracted when the delay time is less than a second. Since modern routers rarely process a packet in more than one second, the lifetime can be considered equal to the maximum number of nodes that a given packet is allowed to pass before it reaches its destination. If the time-to-live parameter becomes zero before the packet reaches the recipient, the packet will be discarded. Lifetime can be viewed as a clockwork mechanism of self-destruction. The value of this field changes when the IP packet header is processed.

The Upper-Level Protocol Identifier (Protocol) occupies one byte and indicates which upper-level protocol the information in the packet's data field belongs to (for example, TCP segments, UDP datagrams, ICMP or OSPF packets). The identifier values for the various protocols are given in the RFC document "Assigned Numbers".

The Header Checksum occupies 2 bytes and is calculated over the header only. Because some header fields change their value as the packet travels through the network (for example, Time to Live), the checksum is verified and recalculated each time the IP header is processed. The 16-bit checksum is computed as the one's complement of the sum of all 16-bit words of the header. When calculating the checksum, the value of the checksum field itself is set to zero. If the checksum is incorrect, the packet is discarded as soon as the error is detected.

The Source IP Address and Destination IP Address fields have the same length, 32 bits, and the same structure.

Field Options (IP Options) is optional and is usually used only when debugging the network. The options mechanism provides control functions that are necessary or simply useful in certain situations, but it is not needed for normal communications. This field consists of several subfields, each of which can be one of eight predefined types. In these subfields, you can specify the exact route of routers, register the routers traversed by the packet, place security data, as well as timestamps. Since the number of subfields can be arbitrary, then at the end of the field Options a few bytes must be added to align the packet header on a 32-bit boundary.

The Padding field is used to ensure that the IP header ends on a 32-bit boundary. Padding is done with zeros.

Below is a printout of the header field values of one of the real IP packets captured on an Ethernet network using the Microsoft Network Monitor protocol analyzer.

    IP: Version = 4 (0x4)
    IP: Header Length = 20 (0x14)
    IP: Service Type = 0 (0x0)
    IP: Precedence = Routine
    IP: ...0.... = Normal Delay
    IP: ....0... = Normal Throughput
    IP: .....0.. = Normal Reliability
    IP: Total Length = 54 (0x36)
    IP: Identification = 31746 (0x7C02)
    IP: Flags Summary = 2 (0x2)
    IP: .......0 = Last fragment in datagram
    IP: ......1. = Cannot fragment datagram
    IP: Fragment Offset = 0 (0x0) bytes

The basis of the transport means of the TCP/IP protocol stack is the Internet Protocol (IP). The main functions of the IP protocol include:

  • transfer between networks of various types of address information in a unified form,
  • assembly and disassembly of packets when transmitting them between networks with different maximum packet lengths.

IP packet format

An IP packet consists of a header and a data field. The packet header has the following fields:

  • The Version Number (VERS) field indicates the version of the IP protocol. Now version 4 is widely used and the transition to version 6, also called IPng (IP next generation), is being prepared.
  • The Header Length (HLEN) field of an IP packet is 4 bits long and indicates the header length measured in 32-bit words. Typically the header is 20 bytes long (five 32-bit words), but as the amount of overhead increases, this length can be increased by using additional bytes in the IP OPTIONS field.
  • The SERVICE TYPE field occupies 1 byte and specifies the priority of the packet and the type of route selection criterion. The first three bits of this field form the packet priority subfield (PRECEDENCE). The priority can range from 0 (normal packet) to 7 (control information packet). Routers and computers can take packet priority into account and process more important packets first. The Service Type field also contains three bits that define the route selection criteria. The D (delay) bit set indicates that the route should be selected to minimize delivery delay for a given packet, the T bit to maximize throughput, and the R bit to maximize delivery reliability.
  • The TOTAL LENGTH field is 2 bytes and indicates the total length of the packet, including the header and data fields.
  • The Packet Identifier field (IDENTIFICATION) occupies 2 bytes and is used to recognize packets formed by fragmentation of the original packet. All fragments must have the same value for this field.
  • The Flags field (FLAGS) occupies 3 bits; it indicates whether the packet may be fragmented (a set Do not Fragment bit, DF, prohibits routers from fragmenting this packet) and whether this packet is an intermediate or the last fragment of the original packet (a set More Fragments bit, MF, indicates that the packet carries an intermediate fragment).
  • The FRAGMENT OFFSET field is 13 bits long and indicates, in bytes, the offset of this packet's data field from the beginning of the overall data field of the original fragmented packet. It is used when assembling/disassembling packet fragments transmitted between networks with different maximum packet lengths.
  • The TIME TO LIVE field occupies 1 byte and specifies the time limit during which a packet may travel across the network. The lifetime of the packet is measured in seconds and is set by the transmitting source. At gateways and other network nodes, one is subtracted from the current lifetime after each second; one is also subtracted for each transit hop (even if a second has not passed). When the lifetime expires, the packet is discarded.
  • The Upper Level Protocol Identifier (PROTOCOL) occupies 1 byte and indicates which upper level protocol the packet belongs to (for example, it could be TCP, UDP or RIP).
  • The checksum (HEADER CHECKSUM) takes 2 bytes and is calculated over the entire header.
  • The SOURCE IP ADDRESS and DESTINATION IP ADDRESS fields have the same length - 32 bits, and the same structure.
  • The IP OPTIONS field is optional and is usually used only when debugging the network. This field consists of several subfields, each of which can be one of eight predefined types. In these subfields one can specify the exact route through routers, record the routers traversed by the packet, place security data, and add timestamps. Since the number of subfields can be arbitrary, a few bytes must be added at the end of the Options field to align the packet header on a 32-bit boundary.

The maximum length of the packet data field is limited by the width of the field that determines this value and is 65535 bytes, however, when transmitted over various types of networks, the packet length is selected taking into account the maximum length of the lower-level protocol packet carrying IP packets. If these are Ethernet frames, then packets with a maximum length of 1500 bytes that fit in the data field of the Ethernet frame are selected.

Fragmentation Management

Transport layer protocols (TCP or UDP protocols), which use the network layer to send packets, consider the maximum data field size of an IP packet to be 65535, and therefore can pass a message of that length to it for transport over the Internet. The functions of the IP layer include breaking a message that is too long for a particular type of network component into shorter packets with the creation of the corresponding service fields necessary for the subsequent assembly of fragments into the original message.

Most types of local and global networks define such a concept as the maximum size of the data field of a frame or packet into which the IP protocol must encapsulate its packet. This value is usually called the maximum transfer unit (Maximum Transfer Unit, MTU). Ethernet networks have an MTU of 1500 bytes, FDDI networks have an MTU of 4096 bytes, and X.25 networks most often operate with an MTU of 128 bytes.

The operation of the IP protocol to fragment packets in hosts and routers is illustrated in Figure 4.1.

Let computer 1 be connected to a network that has an MTU of 4096 bytes, such as an FDDI network. When a message from the transport layer of 5600 bytes in size arrives at the IP layer of computer 1, the IP protocol divides it into two IP packets, setting the fragmentation flag in the first packet and assigning the packet a unique identifier, for example, 486. In the first packet, the value of the offset field is 0, and in the second - 2800. The fragmentation sign in the second packet is zero, which indicates that this is the last fragment of the packet. The total size of an IP packet is 2800+20 (IP header size), that is, 2820 bytes, which fits in the data field of an FDDI frame.

Fig. 4.1. Fragmentation of IP packets when transmitted between networks with different maximum packet sizes. K1 and F1 are the link and physical layers of network 1, K2 and F2 are the link and physical layers of network 2.

The router sees from the network address that the two packets that arrive need to be forwarded to network 2, which has a lower MTU value of 1500. This is probably an Ethernet network. The router extracts the transport message fragment from each FDDI packet and divides it further in half so that each part fits into the data field of the Ethernet frame. It then forms new IP packets, each of which is 1400 + 20 = 1420 bytes long, which is less than 1500 bytes, so they fit normally in the data field of Ethernet frames.

As a result, four IP packets with a common identifier of 486 arrive at computer 2 over the Ethernet network, which allows the IP protocol running on computer 2 to correctly assemble the original message. If the packets arrive in a different order than they were sent, the offset indicates the correct order in which they are to be combined.

Note that IP routers do not aggregate packet fragments into larger packets, even if there is a network along the way that allows such aggregation. This is because individual message fragments may travel across the Internet via different routes, so there is no guarantee that all fragments pass through any intermediate router along their path.

When the first fragment of a packet arrives, the destination node starts a timer that determines the maximum allowable waiting time for the arrival of the remaining fragments of this packet. If the timer expires before the last fragment arrives, then all packet fragments received up to that point are discarded, and an error message is sent to the host that sent the original packet using the ICMP protocol.
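The fragmentation and reassembly described above, replayed in code. This is an added example, not the textbook's code: the 5600-byte message, the 20-byte header and the per-fragment data sizes come from the text, the message contents are constructed, and offsets are kept in bytes as the text counts them (the wire format stores offset/8, which is why every non-final fragment must carry a multiple of 8 bytes).

```python
"""IP fragmentation walk-through from the text (added example; not the textbook's code)."""
from dataclasses import dataclass
from typing import List, Optional

IP_HEADER_LEN = 20          # header without options, as in the text's 2800 + 20 arithmetic


@dataclass
class Fragment:
    ident: int              # Identification: shared by all fragments of one datagram
    offset: int             # Fragment Offset in bytes from the start of the original data
    more: bool              # MF flag: True on every fragment except the last
    data: bytes
    df: bool = False        # DF flag: a router may not fragment this packet


def fragment(frag: Fragment, mtu: int, data_len: Optional[int] = None) -> List[Fragment]:
    """Split a fragment (or a whole datagram) for a link with the given MTU.

    data_len is the data carried per piece; by default each piece is filled to the MTU.
    The text's router splits 2800 bytes into two 1400-byte halves instead, which
    data_len=1400 reproduces. Every piece except the last must carry a multiple of
    8 bytes because the wire-format offset field counts 8-byte units."""
    if len(frag.data) + IP_HEADER_LEN <= mtu:
        return [frag]                           # fits as is, nothing to do
    if frag.df:
        # DF set and the packet does not fit: the router discards it and would report
        # the failure to the sender with an ICMP message (see the text).
        raise ValueError("DF set, packet too large for MTU %d: dropped" % mtu)
    if data_len is None:
        data_len = (mtu - IP_HEADER_LEN) // 8 * 8
    if data_len % 8 or data_len + IP_HEADER_LEN > mtu:
        raise ValueError("data_len must be a multiple of 8 and fit the MTU")
    pieces = []
    for start in range(0, len(frag.data), data_len):
        chunk = frag.data[start:start + data_len]
        is_last_piece = start + len(chunk) == len(frag.data)
        pieces.append(Fragment(
            ident=frag.ident,
            offset=frag.offset + start,
            # MF stays set on the last piece if the input itself was not the last fragment
            more=frag.more or not is_last_piece,
            data=chunk))
    return pieces


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the original message from fragments received in any order.

    Raises ValueError when a fragment is missing; in a real stack this is the
    situation in which the reassembly timer expires, the partial data is discarded
    and an ICMP error goes back to the sender."""
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments of different datagrams mixed")
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0
    for f in ordered:
        if f.offset != expected:
            raise ValueError("gap before offset %d" % expected)
        expected += len(f.data)
    if ordered[-1].more:
        raise ValueError("final fragment (MF = 0) missing")
    return b"".join(f.data for f in ordered)


def demo():
    """Replay the text's example: 5600 bytes over FDDI (MTU 4096), then Ethernet (MTU 1500)."""
    message = bytes(i % 251 for i in range(5600))          # constructed transport-layer message
    on_fddi = fragment(Fragment(486, 0, False, message), 4096, data_len=2800)
    on_ethernet = [p for f in on_fddi for p in fragment(f, 1500, data_len=1400)]
    return on_fddi, on_ethernet, message
```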

Routing using IP addresses

Let us now consider the principles on the basis of which in IP networks the route for transmitting a packet between networks is selected.

First, you need to pay attention to the fact that not only routers, but also end nodes - computers - must take part in choosing a route. The example shown in Figure 4.2 demonstrates this need. Here, there are several routers on the local network, and the computer must choose which one to send the packet to.

Fig. 4.2. Router selection by end node

The length of the route can vary significantly depending on which router the computer chooses to forward its packet to a server located in Germany, for example, if Router 1 has a leased line to a router in Copenhagen and Router 2 has a satellite link connecting it to Tokyo.

In the TCP/IP stack, routers and end nodes make decisions about who to pass a packet to in order to successfully deliver it to the destination node, based on so-called routing tables.

The following table is a typical example of a route table using network IP addresses:

Destination network address   Next router address   Output port number   Distance to destination network
56.0.0.0                      198.21.17.7           1                    20
56.0.0.0                      213.34.12.4           2                    130
116.0.0.0                     213.34.12.4           2                    1450
129.13.0.0                    198.21.17.6           1                    50
198.21.17.0                   -                     2                    0
213.34.12.0                   -                     1                    0
default                       198.21.17.7           1                    -

In this table, the column "Destination network address" lists the addresses of all networks to which this router can transmit packets. The TCP/IP stack adopts the so-called one-hop approach (next-hop routing) to optimizing the packet forwarding route - each router and end node takes part in choosing only one packet transmission step. Therefore, each line of the routing table does not indicate the entire route as a sequence of IP addresses of the routers through which the packet must pass, but only one IP address - the address of the next router to which the packet must be transmitted. Along with the packet, responsibility for choosing the next routing hop is transferred to the next router. The one-hop approach to routing means a distributed solution to the route selection problem. This removes the restriction on the maximum number of transit routers along the packet's path.

(An alternative to the one-hop approach is to specify in the packet the entire sequence of routers that the packet must pass on its path. This approach is called Source Routing. In this case, the selection of the route is made by the end node or the first router on the path of the packet, and all other routers only work out the selected route, switching packets, that is, transmitting them from one port to another. The Source Routing algorithm is used in IP networks only for debugging, when the route is specified in the Reserve (IP OPTIONS) field of the packet.)

If there is more than one row in the route table corresponding to the same destination network address, then when deciding whether to transmit a packet, the row that contains the smallest value in the “Distance to destination network” field is used.

In this case, distance is understood as any metric used in accordance with the class of service specified for the packet. This may be the number of transit routers in a given route (the number of hops), the time it takes for a packet to travel along communication lines, the reliability of communication lines, or another value that reflects the quality of a given route in relation to a specific class of service. If a router supports several classes of packet service, then a route table is compiled and applied separately for each type of service (route selection criterion).

To send a packet to the next router, knowledge of its local address is required, but in the TCP/IP stack, it is customary to use only IP addresses in routing tables to preserve their universal format, independent of the type of networks on the Internet. To find a local address from a known IP address, you must use the ARP protocol.

The end node, like the router, has at its disposal a route table of a unified format and, based on its data, decides to which router the packet for network N should be passed. The computer decides that this packet needs to be routed at all when it sees that the destination network address of the packet differs from the address of its own network (when configuring each computer, the administrator assigns its IP address, or several IP addresses if the computer is simultaneously connected to several networks). Having selected the next router, the computer looks through its ARP cache table and perhaps finds a match between the next router's IP address and its MAC address. If not, an ARP request is broadcast over the local network and the local address is extracted from the ARP response.

The computer then generates a frame for the protocol used on the selected port, such as an Ethernet frame, into which it places the router's MAC address. The router receives the Ethernet frame, extracts the IP packet from it, and looks up its routing table to find the next router. In doing so, it performs the same actions as the end node.

One-hop routing has another advantage - it allows the size of routing tables in end nodes and routers to be reduced by using a so-called default route, whose entry usually occupies the last row of the routing table, with "default" as the destination network number. If there is such an entry in the routing table, then all packets whose network numbers are not in the routing table are sent to the router specified in the default line. Therefore, routers often store limited information about Internet networks in their tables, forwarding packets for other networks to the default port and router. The default router is assumed to forward the packet to the backbone, and routers connected to the backbone have full knowledge of the Internet's composition.

End nodes are especially likely to use the default routing technique. Although they also generally have a routing table at their disposal, its size is usually insignificant, since routing is not the main activity for the computer. The main role in packet routing in the IP concept is naturally assigned to routers, which must have much more complete routing tables than end nodes. The end node often operates without a routing table at all, having only knowledge of the default router's IP address. If there is one router on the local network, this option is the only one possible for all end nodes. But even if there are several routers on the local network, when the problem of choosing them is faced by the end node, setting a default route is often used in computers to reduce the size of their routing table.

Another way to relieve your computer of the burden of maintaining large routing tables is to obtain information from the router about a reasonable route for a specific network using the ICMP protocol.

In addition to the default route, there may be two types of special entries in the routing table - an entry about a host-specific route and an entry about the addresses of networks directly connected to the router ports.

A host-specific route contains a full IP address instead of a network number, that is, an address that has non-zero information not only in the network number field, but also in the host number field. It is assumed that for such an end node the route should be chosen differently from all other nodes in the network to which it belongs. In the case when the table contains different records about the forwarding of packets for the entire network N and its individual node having the address N,D, when a packet addressed to node N,D arrives, the router will give preference to the record for N,D.

Entries in the routing table for networks directly connected to the router contain zeros in the Distance to Destination Network field.
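The lookup rules of the last few paragraphs (a host-specific row first, then the matching network row with the smallest distance, then the default row) run over the routing table shown earlier. This is an added example, not the book's code; the host-specific row 129.13.5.5 and the sample destinations are constructed, and network numbers are derived by address class because masks are introduced only later on the page.

```python
"""Next-hop selection over the routing table given in the text (added example; not the
textbook's code). The host-specific row and the sample destinations are constructed."""
import ipaddress
from typing import List, Optional, Tuple

# Rows: (destination network, next router, output port, distance).
# "-" as next router means the network is attached directly to that port.
ROUTING_TABLE = [
    ("56.0.0.0",    "198.21.17.7", 1, 20),
    ("56.0.0.0",    "213.34.12.4", 2, 130),
    ("116.0.0.0",   "213.34.12.4", 2, 1450),
    ("129.13.0.0",  "198.21.17.6", 1, 50),
    ("198.21.17.0", "-",           2, 0),
    ("213.34.12.0", "-",           1, 0),
    ("default",     "198.21.17.7", 1, None),
]


def classful_network(addr: str) -> str:
    """Network number by address class (A /8, B /16, C /24); masks are a later topic."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    net = ipaddress.ip_network("%s/%d" % (addr, prefix), strict=False)
    return str(net.network_address)


def is_host_route(destination: str) -> bool:
    """A host-specific route has non-zero bits in the host part of its address."""
    return destination != "default" and classful_network(destination) != destination


def needs_routing(own_ip: str, dst: str) -> bool:
    """The end node's first decision: a packet for its own network is delivered directly."""
    return classful_network(own_ip) != classful_network(dst)


def lookup(table: List[Tuple], dst: str) -> Optional[Tuple[str, int]]:
    """(next router, output port) for dst, or None when nothing matches.

    Preference follows the text: a host-specific row, then the row for the
    destination network with the smallest distance, then the default row."""
    host_rows = [r for r in table if is_host_route(r[0]) and r[0] == dst]
    if host_rows:
        best = min(host_rows, key=lambda r: r[3])
        return best[1], best[2]
    net = classful_network(dst)
    net_rows = [r for r in table if r[0] == net]
    if net_rows:
        best = min(net_rows, key=lambda r: r[3])   # 56.0.0.0: distance 20 beats 130
        return best[1], best[2]
    for r in table:
        if r[0] == "default":
            return r[1], r[2]
    return None
```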

Another difference between how a router and an end node work when choosing a route is the way the routing table is built. If routers usually automatically create routing tables by exchanging service information, then for end nodes routing tables are created, as a rule, manually by administrators and stored as permanent files on disks.

There are various algorithms for constructing tables for one-hop routing. They can be divided into three classes:

  • fixed routing algorithms,
  • simple routing algorithms,
  • adaptive routing algorithms.

Regardless of the algorithm used to build the routing table, the result of its work has a single format. Due to this, in the same network, different nodes can build routing tables according to their own algorithms, and then exchange missing data with each other, since the formats of these tables are fixed. Therefore, a router using an adaptive routing algorithm can provide an end node using a fixed routing algorithm with path information to a network that the end node knows nothing about.

Fixed Routing

This algorithm is used in networks with a simple connection topology and is based on the manual compilation of a routing table by the network administrator. The algorithm also often works effectively for the backbones of large networks, since the backbone itself may have a simple structure with obvious best paths for packets to the subnets attached to the backbone.

There are single-route tables, in which one path is specified for each destination, and multi-route tables, which define several alternative paths for each destination. When using multi-route tables, a rule must be specified for selecting one of them. Most often, one path is the main one, and the rest are backup ones.

Simple routing

Simple routing algorithms are divided into three subclasses:

  • Random routing - packets are transmitted in any random direction except the original one.
  • Flood routing - packets are transmitted in all directions except the original one (used in bridges for packets with an unknown delivery address).
  • Routing by previous experience - route tables are compiled based on the data contained in the packets passing through the router. This is exactly how transparent bridges work, collecting information about the addresses of nodes included in network segments. This routing method is slow to adapt to changes in network topology.

Adaptive Routing

This is the main type of routing algorithms used by routers in modern networks with complex topologies. Adaptive routing is based on the fact that routers periodically exchange special topological information about the networks available on the Internet, as well as about the connections between routers. Usually, not only the topology of links is taken into account, but also their capacity and condition.

Adaptive protocols allow all routers to collect information about the topology of connections in the network, quickly processing all changes in the connection configuration. These protocols have a distributed nature, which is expressed in the fact that there are no dedicated routers in the network that would collect and summarize topological information: this work is distributed among all routers.

An example of node interaction using the IP protocol

Using the example of the Internet shown in Figure 4.3, let's look at how computers interact through routers and deliver packets to the destination computer.

Fig. 4.3. An example of computer interaction via the internet

In the given example, let the user of the computer cit.dol.ru, located on the Ethernet network with IP address 194.87.23.0 (class C address), want to interact via FTP with the computer s1.msk.su, belonging to the Ethernet network with IP address 142.06.0.0 (class B address). The computer cit.dol.ru has an IP address 194.87.23.1.17, and the computer s1.msk.su has an IP address 142.06.13.14.

1. The user of the computer cit.dol.ru knows the symbolic name of the computer s1.msk.su, but does not know its IP address, so he types the command

> ftp s1.msk.su

to organize an FTP session.

The computer cit.dol.ru must have some parameters set for the TCP/IP stack so that it can perform the task assigned to it.

These settings should include its own IP address, the DNS server IP address, and the default router IP address. Since only one router is connected to the Ethernet network to which the computer cit.dol.ru belongs, the end nodes of this network do not need a routing table; it is enough to know the IP address of the default router. In this example it is equal to 194.87.23.1.

2. Since the user did not specify the IP address of the host with which he wants to communicate in the ftp command, the TCP/IP stack must determine it itself. It can query the DNS server for the IP address it has, but usually each computer first looks up its own table of symbolic names and IP addresses. Such a table is most often stored as a text file of a simple structure - each line contains a record of one symbolic name and its IP address. In Unix OS, such a file is traditionally called HOSTS.

142.06.13.14 s1.msk.su.

Therefore, name resolution is performed locally, so that the IP protocol can now generate IP packets with the destination address 142.06.13.14 to communicate with the computer s1.msk.su.

3. The IP protocol of the computer cit.dol.ru checks whether packets need to be routed for the address 142.06.13.14. Since the destination network address is 142.06.0.0, and the address of the network to which the computer belongs is 194.87.23.0, routing is necessary.

4. The computer cit.dol.ru begins to form an Ethernet frame to send an IP packet to the default router with the IP address 194.87.23.1. To do this, it needs the MAC address of the router port connected to its network. This address is most likely already in the ARP cache table of the computer if it exchanged data with computers on other networks at least once since it was last turned on. Let this address in our example be found in the cache. Let's denote it MAC 11, in accordance with the number of the router and its port.

5. As a result, the computer cit.dol.ru sends an Ethernet frame over the local network that has the following fields:

DA (Ethernet)    DESTINATION IP    ...
MAC 11           142.06.13.14      ...

6. The frame is received by port 1 of router 1 in accordance with the Ethernet protocol, since the MAC node of this port recognizes its MAC address MAC 11. The Ethernet protocol extracts the IP packet from this frame and passes it on to the router software that implements the IP protocol. The IP protocol extracts the destination address from the packet and looks at its routing table entries. Let router 1 have an entry in its routing table

142.06.0.0 135.12.0.11 2 1,

which indicates that packets for network 142.06.0.0 should be sent to router 135.12.0.11, which is connected to the same network as port 2 of router 1.

7. Router 1 looks at the parameters of port 2 and finds that it is connected to the FDDI network. Since the FDDI network has a maximum transport MTU value greater than the Ethernet network, fragmentation of the data field of the IP packet is not required. Therefore, Router 1 generates an FDDI frame that specifies the MAC address of Router 2's port, which it finds in its ARP cache table:

9. Finally, after the packet has arrived at the destination network router - Router 3, it becomes possible to transfer this packet to the destination computer. Router 3 sees that the packet needs to be forwarded to network 142.06.0.0, which is directly connected to its first port. Therefore, it sends an ARP request over the Ethernet network with the IP address of the computer s1.msk.su (we assume that this information is not in its cache), receives a response containing MAC address s1, and forms an Ethernet frame that delivers the IP packet over the local network to the recipient.

DA (Ethernet)    DESTINATION IP    ...
MAC s1           142.06.13.14      ...

Structuring IP networks using masks

Network administrators often experience inconvenience because the number of network numbers centrally allocated to them is not enough to structure the network properly, for example, placing all weakly interacting computers on different networks.

In such a situation, two options are possible. The first of these is related to obtaining additional network numbers from the NIC. The second method, which is used more often, is associated with the use of so-called masks, which allow you to divide one network into several networks.

A mask is a number whose binary notation contains ones in those bits that should be interpreted as a network number.

For example, for standard network classes, masks have the following meanings:

255.0.0.0 - mask for class A network,

255.255.0.0 - mask for class B network,

255.255.255.0 - mask for class C network.

In the masks that the administrator uses to increase the number of networks, the number of ones in the sequence that defines the boundary of the network number does not have to be a multiple of 8, that is, the boundary need not coincide with a byte boundary of the address.

For example, let the mask have the value 255.255.192.0 (11111111 11111111 11000000 00000000). And let the network number be 129.44.0.0 (10000001 00101100 00000000 00000000), from which it can be seen that it belongs to class B. After applying a mask to this address, the number of bits interpreted as the network number increased from 16 to 18, that is, the administrator received the ability to use four instead of one centrally assigned network number:

129.44.0.0 (10000001 00101100 00000000 00000000)

129.44.64.0 (10000001 00101100 01000000 00000000)

129.44.128.0 (10000001 00101100 10000000 00000000)

129.44.192.0 (10000001 00101100 11000000 00000000)

For example, the IP address 129.44.141.15 (10000001 00101100 10001101 00001111), which according to IP standards specifies the network number 129.44.0.0 and host number 0.0.141.15, will now be interpreted as a pair when using a mask:

129.44.128.0 - network number, 0.0.13.15 - node number.

Thus, by setting a new mask value, you can force the router to interpret the IP address differently. In this case, the last two extra bits of the network number are often interpreted as subnet numbers.

One more example. Let a certain network belong to class B and have the address 128.10.0.0 (Figure 4.4). This address is used by the router connecting the network to the rest of the Internet. And suppose that among all the stations in the network there are stations that interact weakly with each other. It would be desirable to isolate them in different networks. To do this, the network can be divided into two networks, connecting them to the corresponding ports of the router and setting on these ports a mask, for example, the number 255.255.255.0, that is, organizing two class C subnets within the original network with a centrally assigned number (a different size could have been chosen for the subnet address field). From the outside, the network will still look like a single class B network, but locally it will be two separate class C networks. Incoming general traffic will be divided by the local router between the subnets.

Fig. 4.4. An example of using masks to structure a network

It should be noted that if a decision is made to use the mask mechanism, then both routers and computers on the network must be configured accordingly.
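Applying a mask and enumerating the resulting subnets, as an added example that is not the book's code. It reproduces the 129.44.0.0 / 255.255.192.0 case above and also lists all class C subnets obtainable from 128.10.0.0 with 255.255.255.0 (the text uses only two of them); the check that the mask's ones are contiguous is an added sanity check, since a router cannot interpret a non-contiguous mask as a network/host boundary.

```python
"""Subnet masks applied to classful network numbers (added example; not the book's code)."""
import ipaddress
from typing import List, Tuple


def to_bits(dotted: str) -> str:
    """Dotted quad as four 8-bit groups, in the notation the text uses."""
    return " ".join(format(int(octet), "08b") for octet in dotted.split("."))


def mask_prefix(mask: str) -> int:
    """Number of leading ones in a mask; rejects masks whose ones are not contiguous."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # a valid host part is a run of ones from the low end, so adding 1 clears it
    if host_bits & (host_bits + 1):
        raise ValueError("mask %s is not a run of ones followed by zeros" % mask)
    return bin(m).count("1")


def classful_prefix(addr: str) -> int:
    """Length of the network number in the standard classes: A /8, B /16, C /24."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def split_address(addr: str, mask: str) -> Tuple[str, str]:
    """(network number, host number) obtained by applying the mask to the address."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return (str(ipaddress.IPv4Address(a & m)),
            str(ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)))


def subnets(network: str, mask: str) -> List[str]:
    """All subnet numbers an administrator gains by lengthening the class mask to `mask`.

    129.44.0.0 with 255.255.192.0 yields the four numbers listed in the text."""
    old, new = classful_prefix(network), mask_prefix(mask)
    if new < old:
        raise ValueError("mask shorter than the class mask of %s" % network)
    block = ipaddress.ip_network("%s/%d" % (network, old), strict=True)
    return [str(sub.network_address) for sub in block.subnets(new_prefix=new)]
```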

IP (Internet Protocol) is a routed network protocol, the network layer protocol of the TCP/IP family ("stack"). IPv4 is described in RFC 791 (September 1981).

Key points:

    IP is the main protocol of the TCP/IP stack; it solves the issues of message delivery between nodes of a composite network.

    IP is a datagram protocol: when information is transmitted over IP, each packet is transmitted from node to node and is processed by nodes independently of other packets.

    IP refers to connectionless protocols. IP is used for non-guaranteed delivery of data, divided into so-called packets, from one network node to another. This means that at the level of this protocol (the third layer of the OSI network model) there are no guarantees of reliable delivery of the packet to the recipient. In particular, packets may arrive in an order different from the one in which they were sent, be duplicated (when two copies of the same packet arrive; in reality this is extremely rare), be damaged (damaged packets are usually destroyed) or not arrive at all. The guarantee of error-free delivery of packets is provided by higher (transport layer) protocols of the OSI network model - for example, TCP - which use IP as a transport.

    The IP protocol uses the principle of routing. The type of IP routing table depends on the specific router implementation, but all types of routers have all the key fields needed to perform routing. There are several sources that supply routing table entries:

    • First, on initialization the TCP/IP stack software records entries for directly connected networks and default routers, as well as entries for special addresses such as 127.0.0.0.

    • Second, the administrator manually enters static entries about specific routes or the default router.

    • Third, routing protocols automatically enter dynamic entries about available routes into the table.

    An important feature of the IP protocol that distinguishes it from other network protocols is its ability to perform dynamic packet fragmentation when transferring them between networks with different MTUs.

IP packet structure

An IP protocol packet consists of a header and a data field. The maximum packet length is 65,535 bytes. The header is usually 20 bytes long and contains information about the network addresses of the sender and recipient, fragmentation parameters, packet lifetime, checksum and some others. The IP packet data field carries the message of a higher-level protocol.

Let's look at the fields of the structure of an IP packet using a specific example.

    The Header Length (IHL) field of the IP packet is 4 bits long and specifies the header length value, measured in 32-bit words. Typically, the IP packet header is 20 bytes long (five 32-bit words), but as the amount of overhead information increases, this length can be increased. The largest header is 60 octets.

    The Type of Service field occupies one byte and specifies the priority of the packet and the type of route selection criterion. The first three bits of this field form the packet priority subfield (Precedence). The priority can have values from the lowest - 0 (normal packet) to the highest - 7 (control information packet). Routers and computers can take packet priority into account and process more important packets first. The Type of Service field also contains three bits that define the route selection criteria. In reality, the choice is made between three alternatives: low latency, high reliability and high throughput. In many networks, an improvement in one of these parameters is associated with a deterioration in another; in addition, processing each of them requires additional computational costs. Therefore, it rarely makes sense to set even two of these three route selection criteria simultaneously. Reserved bits have a value of zero.
      • A set D (delay) bit indicates that the route should be selected to minimize the delivery delay of the packet;
      • a set T (throughput) bit - to maximize throughput;
      • a set R (reliability) bit - to maximize delivery reliability.

    The Total Length field occupies 2 bytes and gives the total length of the packet, including the header and data fields. The maximum packet length is limited by the width of the field that defines this value, and is 65,535 bytes, but most computers and networks do not use such large packets. When transmitted over various types of networks, the packet length is selected taking into account the maximum length of the lower-level protocol packet carrying IP packets. If these are Ethernet frames, then packets with a maximum length of 1500 bytes that fit in the data field of the Ethernet frame are selected. The standard stipulates that all hosts must be prepared to accept packets up to 576 bytes in length (whether they arrive as a whole or in fragments). A rule of thumb is that hosts are encouraged to send packets larger than 576 bytes only if they are confident that the receiving host or intermediate network is willing to handle packets of that size.

    The Identification field takes 2 bytes and is used to recognize packets formed by fragmenting the original packet. All fragments must have the same value for this field.

    The Flags field occupies 3 bits and contains fragmentation-related flags: a set DF (Do not Fragment) bit prevents the router from fragmenting this packet, and a set MF (More Fragments) bit indicates that this packet is an intermediate (not the last) fragment. The remaining bit is reserved.

    The Fragment Offset field occupies 13 bits and specifies the offset in bytes of the data field of this packet from the beginning of the general data field of the original fragmented packet. It is used when assembling/disassembling packet fragments when transmitting them between networks with different MTU values. The offset must be a multiple of 8 bytes.

    The Time to Live field occupies 1 byte and indicates the time limit during which a packet can travel across the network. The lifetime of a given packet is measured in seconds and is set by the transmission source. On routers and other network nodes, after each second, one is subtracted from the current lifetime; one is also subtracted when the delay time is less than a second. Since modern routers rarely process a packet in more than one second, the time to live can be considered equal to the maximum number of nodes that a given packet is allowed to pass before it reaches its destination. If the time-to-live parameter becomes zero before the packet reaches the recipient, the packet will be discarded. Lifetime can be viewed as a clockwork mechanism of self-destruction. The value of this field changes when the IP packet header is processed.

    The Protocol field (upper-level protocol identifier) occupies 1 byte and indicates which upper-level protocol the information placed in the data field of the packet belongs to (for example, these could be segments of transport protocols or messages of routing protocols). The identifier values for the various protocols are given in RFC 3232 - Assigned Numbers.

    The Header Checksum takes 2 bytes and is calculated only over the header. Because some header fields change their value as the packet travels over the network (for example, time to live), the checksum is checked and recalculated each time the IP header is processed. The checksum - 16 bits - is calculated as the complement of the sum of all 16-bit header words (one's complement arithmetic). When calculating the checksum, the value of the "checksum" field itself is set to zero. If the checksum is incorrect, the packet will be discarded as soon as the error is detected.

    The Source IP Address and Destination IP Address fields have the same length - 32 bits - and the same structure.

    The IP Options field is optional and is usually used only when debugging the network. The options mechanism provides control functions that are necessary or simply useful in certain situations, but it is not needed for normal communications. This field consists of several subfields, each of which can be one of eight predefined types. In these subfields, you can specify the exact route of routers, register the routers traversed by the packet, place security data, as well as timestamps. Since the number of subfields can be arbitrary, a few bytes must be added to the end of the Options field to align the packet header on a 32-bit boundary.

    The Padding (alignment) field is used to ensure that the IP header ends on a 32-bit boundary. Padding is done with zeros.
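The header layout and checksum rule above, assembled and verified with Python's struct module, together with what a router does to the header on each hop (verify, decrement TTL, recompute). This is an added example, not the textbook's code; the addresses, TTL, protocol and Type of Service values are constructed, while identifier 486 and the 1420-byte fragment with offset 1400 come from the fragmentation example earlier on the page.

```python
"""Building and checking a 20-byte IPv4 header (added example; not the textbook's code)."""
import ipaddress
import struct
from typing import Optional

HEADER_FMT = "!BBHHHBBH4s4s"       # version/IHL, ToS, total length, ident, flags/offset,
                                   # TTL, protocol, checksum, source, destination


def ones_complement_sum(data: bytes) -> int:
    """Sum of 16-bit words with end-around carry (one's complement arithmetic)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """The rule from the text: complement of the sum of all header words, with the
    checksum field itself taken as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    return header[:10] + struct.pack("!H", header_checksum(header)) + header[12:]


def build_header(src: str, dst: str, total_length: int, ident: int, ttl: int,
                 protocol: int, tos: int = 0, df: bool = False, mf: bool = False,
                 offset: int = 0) -> bytes:
    """Pack the fields; offset is given in bytes and stored in 8-byte units."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_offset = (int(df) << 14) | (int(mf) << 13) | (offset // 8)
    raw = struct.pack(HEADER_FMT, (4 << 4) | 5, tos, total_length, ident,
                      flags_offset, ttl, protocol, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return with_checksum(raw)


def parse_header(header: bytes) -> dict:
    """Unpack the header, decoding the Type of Service and Flags bits."""
    (v_ihl, tos, total_length, ident, flags_offset, ttl, protocol,
     checksum, src, dst) = struct.unpack(HEADER_FMT, header[:20])
    return {
        "version": v_ihl >> 4, "ihl_words": v_ihl & 0xF,
        "precedence": tos >> 5,                     # three high bits
        "low_delay": bool(tos & 0x10),              # D bit
        "high_throughput": bool(tos & 0x08),        # T bit
        "high_reliability": bool(tos & 0x04),       # R bit
        "total_length": total_length, "ident": ident,
        "df": bool(flags_offset & 0x4000), "mf": bool(flags_offset & 0x2000),
        "offset": (flags_offset & 0x1FFF) * 8,      # back to bytes
        "ttl": ttl, "protocol": protocol, "checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
    }


def checksum_ok(header: bytes) -> bool:
    """An intact header, checksum field included, sums to 0xFFFF."""
    return ones_complement_sum(bytes(header[:20])) == 0xFFFF


def router_forward(header: bytes) -> Optional[bytes]:
    """What each router does to the header: verify, decrement TTL, recompute the
    checksum. Returns None when the packet is discarded (bad checksum, or TTL
    reaching zero, which the router would report to the sender with ICMP)."""
    if not checksum_ok(header):
        return None
    ttl = header[8] - 1
    if ttl == 0:
        return None
    return with_checksum(header[:8] + bytes([ttl]) + header[9:])
```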

IP fragmentation, MTU, MSS, and PMTUD

Fragmentation of IP packets: MTU, MSS, and PMTUD (Path MTU Discovery) and the problem of packet fragmentation

Why do pings work when there are problems with the MTU? ICMP Request and Reply packets range in size from 32 to 64 bytes; the pinged server returns very little information, which fits within the allowable size along with all headers.

The TCP protocol allows both parties to negotiate a maximum segment size (MSS). Each side announces its proposed MSS in the Options field of the TCP header, and the smaller of the two values is accepted. This negotiation avoids the fragmentation of packets as they pass through routers and gateways, and their subsequent reassembly on the destination host, which would cause delays and reduce transmission speed.

Fragmentation involves splitting a block of data (a packet) into parts; accordingly, the step that follows fragmentation is the reassembly of the fragments. The IP protocol fragments only packets that arrive at the input ports of routers. It is necessary to distinguish between message fragmentation at the sending node and dynamic fragmentation in routers. Almost all protocol stacks contain protocols that split application-layer messages into parts that fit into link-layer frames; in the TCP/IP stack this task is solved by the transport-layer protocol TCP, which can split the byte stream passed to it from the application layer into messages of the desired size (for example, 1460 bytes for Ethernet).

Therefore, the IP protocol at the sending node does not use its packet fragmentation capabilities.

But when a packet must be forwarded into the next network, whose maximum frame size is too small for it, IP fragmentation becomes necessary.

The functions of the IP layer include breaking a message that is too long for a particular type of network component into shorter packets with the creation of the corresponding service fields necessary for the subsequent assembly of fragments into the original message.

In most types of local and wide area networks, the MTU value, that is, the maximum size of the frame data field into which the IP protocol must encapsulate its packet, differs significantly from one network type to another.

Ethernet networks have an MTU of 1500 bytes, FDDI networks have a MTU of 4096 bytes, and X.25 networks most often operate with an MTU of 128 bytes.

So, we explained the need for packet fragmentation at the IP level. Now let's move on to the process of IP packet fragmentation itself.

As we already found out from the previous section of our lesson, an IP packet can be marked as non-fragmentable in the Flags field of the header. Any packet marked this way cannot be fragmented by the IP module under any circumstances.

If a packet marked as non-fragmentable cannot reach the recipient without fragmentation, it is simply destroyed and a corresponding message is sent to the sending node.

The IP protocol also allows a separate subnet to use its own fragmentation mechanisms, invisible to IP.

For example, ATM technology divides incoming IP packets into cells with a 48-byte data field using its segmentation layer, and then reassembles the cells into original packets as they exit the network. But technologies such as ATM are the exception rather than the rule.

The IP protocol's fragmentation and reassembly procedures are designed so that a packet can be broken into virtually any number of pieces that can later be reassembled.

In order not to confuse fragments of different packets, the Identification field of the IP packet header is used.

The IP protocol module sending the packet sets the Identification field to a value that must be unique for a given sender-receiver pair. In addition, the sender sets in the packet header the time during which the packet can be active on the network.

The Fragment Offset field tells the recipient the position of the fragment in the original packet. The fragment's offset and length determine the portion of the original packet carried by that fragment. The "more fragments" flag indicates whether further fragments follow; it is cleared in the last fragment. An IP protocol module sending an unfragmented packet sets both the "more fragments" flag and the fragment offset to zero.

Together, these fields provide enough information to reassemble the packet.

So, to fragment a large packet, an IP protocol module installed on a router, for example, creates several new packets and copies the contents of the IP header fields from the large packet into the IP headers of all new packets. The data from the old packet is divided into the appropriate number of parts, the size of each of which, except the very last one, must be a multiple of 8 bytes.

The size of the last part of the data is equal to the resulting remainder.

Each resulting piece of data is placed into a new packet.

When fragmentation occurs, some IP header parameters are copied into the headers of all fragments, while others remain only in the header of the first fragment.

The fragmentation process can change the values located in the options field and the header checksum, the value of the "more fragments" flag and the fragment offset, and the length of the IP header and the total length of the packet.

The header of each fragment contains the corresponding value in the "fragment offset" field, and the length of each fragment is placed in the total length field.

Thus, the first fragment will have a zero value in the "fragment offset" field. In all packets except the last one, the "more fragments" flag is set to one, and in the last fragment it is set to zero.

Now let's look at the process of reassembling packet fragments.

To reassemble packet fragments, the IP protocol module combines IP packets that have the same values in the Identification, source address, destination address, and Protocol fields.

Thus, the sender must choose an identifier such that it is unique for a given sender-receiver pair, for a given protocol, and for as long as a given packet (or any fragment of it) may exist on the composite IP network.

It is quite obvious that the IP protocol module that sends packets must have an identifier table, where each entry is associated with each individual recipient that was communicated with, and indicates the last value of the maximum lifetime of the packet in the IP network.

However, since the Identification field allows 65,536 different values, some hosts may simply use unique identifiers that do not depend on the recipient's address.

In some cases, it is appropriate for IP packet identifiers to be chosen by protocols higher than IP.

The reassembly procedure consists of placing the data from each fragment at the position specified in the "fragment offset" field of its header.

Each IP module must be able to forward a 68-byte packet without further fragmentation, because the IP header can be up to 60 bytes and the minimum data fragment is 8 bytes. Each recipient must be able to receive a 576-byte packet either as a single piece or as fragments that can be reassembled. If the Don't Fragment (DF) flag is set, fragmentation of the packet is prohibited, even if the packet is lost as a result.

This feature can be used to prevent fragmentation in cases where the recipient host does not have sufficient resources to assemble the fragments.

So, after a lot of explanation, let's reinforce everything we've learned so far about IP packet fragmentation with an example.

Let's consider the process of fragmenting IP packets during transmission between networks with different maximum packet sizes, using the example shown in this figure.

The data link and physical layers are designated K1, F1 and K2, F2, respectively.

Let computer 1 be connected to a network that has an MTU of 4096 bytes, such as an FDDI network.

When a 5600-byte message from the transport layer arrives at the IP layer of computer 1, the IP protocol divides it into two IP packets. In the first packet it sets the fragmentation ("more fragments") flag and assigns the packet a unique identifier, for example 486.

In the first packet the offset field value is 0, and in the second it is 2800.

The fragmentation flag in the second packet is zero, indicating that this is the last fragment of the packet.

The total size of the IP packet is 2800 plus 20 (IP header size), that is, 2820 bytes, which fits in the data field of the FDDI frame.

The network interface sends frames to the next router.

After the frames pass the router's network interface layer (K1 and F1) and are freed from the FDDI headers, the IP module determines from the network address that the two arriving packets need to be forwarded to network 2, which is an Ethernet network with an MTU of 1500.

Therefore, arriving IP packets must be fragmented.

The router extracts the data field from each packet and divides it further in half so that each part fits into the data field of the Ethernet frame.

It then forms new IP packets, each of which is 1400 + 20 = 1420 bytes long, which is less than 1500 bytes, so they fit normally in the data field of Ethernet frames.

As a result, four IP packets with a common identifier of 486 arrive at computer 2 via the Ethernet network.

The IP protocol running on computer 2 must correctly reassemble the original message.

If the packets arrive in a different order than they were sent, the offset indicates the correct order in which to combine them.

Note that IP routers do not aggregate packet fragments into larger packets, even if there is a network along the way that allows such aggregation. This is because individual message fragments may travel across the Internet via different routes, so there is no guarantee that all fragments pass through any intermediate router along their path.

When the first fragment of a packet arrives, the destination node starts a timer that determines the maximum allowable waiting time for the arrival of the remaining fragments of this packet.

The timer is set to the maximum of two values: the initial setup timeout and the lifetime specified in the received fragment.

Thus, the initial timer setting is a lower bound for the reassembly timeout. If the timer expires before the last fragment arrives, all reassembly resources associated with that packet are released, all fragments received up to that point are discarded, and an error message is sent to the node that sent the original packet.

In the modern world information spreads in seconds. News has just appeared, and a second later it is already available on some website on the Internet. The Internet is considered one of the most useful creations of the human mind. To enjoy all the benefits it provides, you need to connect to this network.

Few people know that the simple process of visiting web pages involves a complex system of actions, invisible to the user. Each click on a link activates hundreds of different computational operations at the heart of the computer. These include sending requests, receiving responses, and much more. The so-called TCP/IP protocols are responsible for every action on the network. What are they?

Each TCP/IP protocol operates at its own layer; in other words, each does its own job. The entire TCP/IP protocol family does a tremendous amount of work simultaneously, while the user sees only bright pictures and long lines of text.

The concept of a protocol stack

The TCP/IP protocol stack is an organized set of basic network protocols, which is hierarchically divided into four levels and is a system for transport distribution of packets over a computer network.

TCP/IP is the best-known network protocol stack in use at the moment. The principles of the TCP/IP stack apply to both local and wide area networks.

Principles of using addresses in the protocol stack

The TCP/IP protocol stack describes the paths and directions in which packets are sent. This is the main task of the entire stack, performed at four layers that interact with each other according to a defined algorithm. To ensure that a packet is sent correctly and delivered exactly to the node that requested it, IP addressing was introduced and standardized. It had to solve the following tasks:

  • Addresses of different types must be consistent. For example, converting a website domain to a server's IP address and back, or converting a host name to an address and back. In this way, it becomes possible to access the point not only using the IP address, but also by its intuitive name.
  • Addresses must be unique. This is because in some special cases the packet must reach only one specific point.
  • The need to configure local area networks.

In small networks with a few dozen nodes, all these tasks are solved simply, with the simplest means: by compiling a table that lists each machine and its corresponding IP address, or by distributing IP addresses to all network adapters by hand. For large networks with one or two thousand machines, however, issuing addresses by hand is no longer feasible.

That is why a special approach was invented for TCP/IP networks, which became a distinctive feature of the protocol stack: the concept of scalability was introduced.

Layers of the TCP/IP protocol stack

There exists here a certain hierarchy. The TCP/IP protocol stack has four layers, each of which handles its own set of protocols:

Application layer: created to enable the user to interact with the network. Everything that the user sees and does is processed at this layer. It gives the user access to various network services, for example access to databases, the ability to read a list of files and open them, send an e-mail message, or open a web page. Along with user data and actions, service information is transmitted at this layer.

Transport layer: a pure packet transmission mechanism. At this layer neither the contents of a packet nor its association with any action matter at all; only the address of the node from which the packet is sent and the address of the node to which it should be delivered matter. As a rule, the size of the fragments transmitted by different protocols can change, so at this layer blocks of information can be split up on output and reassembled into a single whole at the destination. This makes data loss possible if a short-lived connection break occurs while the next fragment is being transmitted.

The transport layer includes many protocols, which are divided into classes, from the simplest ones, which simply transmit data, to complex ones, which are equipped with the functionality of acknowledging receipt, or re-requesting a missing block of data.

This level provides the higher (application) level with two types of services:

  • Provides guaranteed delivery using the TCP protocol.
  • Best-effort delivery ("whenever possible") via UDP.

To ensure guaranteed delivery, a connection is established according to the TCP protocol, which allows packets to be numbered at the output and confirmed at the input. The numbering of packets and confirmation of reception is the so-called service information. This protocol supports transmission in "Duplex" mode. In addition, thanks to the well-thought-out regulations of the protocol, it is considered very reliable.

The UDP protocol is intended for cases when it is impossible to set up transmission via TCP, or when overhead on the network data transmission path has to be saved. The UDP protocol can also interact with higher-level protocols to improve the reliability of packet transmission.

Network layer, or "Internet layer": the basic layer of the entire TCP/IP model. The main functionality of this layer is identical to that of the layer of the same name in the OSI model: it describes the movement of packets in a composite network made up of several smaller subnets, and it links the adjacent layers of the TCP/IP stack.

The network layer is the connecting layer between the higher transport layer and the lower level of network interfaces. The network layer uses protocols that receive a request from the transport layer, and through regulated addressing, transmit the processed request to the network interface protocol, indicating to which address to send the data.

The following TCP/IP network protocols are used at this layer: ICMP, IP, RIP, OSPF. The main and most widely used protocol at the network layer is, of course, IP (Internet Protocol). Its main task is to transmit packets from one router to another until the unit of data reaches the network interface of the destination node. The IP protocol runs not only on hosts, but also on network equipment: routers and managed switches. IP operates on the principle of best-effort, non-guaranteed delivery, that is, there is no need to establish a connection before sending a packet. This saves traffic and the time spent moving unnecessary service packets. The packet is routed towards its destination, and it is possible that the node turns out to be unreachable; in that case an error message is returned.

Network interface level: is responsible for ensuring that subnetworks with different technologies can interact with each other and transmit information in the same mode. This is accomplished in two simple steps:

  • Encoding a packet into an intermediate network data unit.
  • Converting the destination information into the format required by the subnet and sending the data unit.

This approach makes it possible to constantly expand the number of supported networking technologies. As soon as a new technology appears, it is immediately incorporated into the TCP/IP protocol stack, allowing networks built on older technologies to exchange data with networks built on more modern standards and methods.

Units of data transferred

Over the lifetime of the TCP/IP protocols, standard terms for the units of transmitted data have been established. Data in transit can be fragmented in different ways, depending on the technologies used by the destination network.

To have a clear idea of what is happening with the data at each point in time, the following terminology was introduced:

  • Data stream - data that arrives at the transport layer from protocols of the higher, application layer.
  • Segment - a fragment of data into which a stream is divided according to the TCP protocol standard.
  • Datagram - a unit of data obtained by splitting a stream using connectionless protocols (UDP).
  • Packet - a unit of data produced by the IP protocol.
  • Frames - the blocks of data into which TCP/IP packs IP packets for transmission over composite networks.

Types of TCP/IP protocol stack addresses

Any TCP/IP data transfer protocol uses one of the following address types to identify hosts:

  • Local (hardware) addresses.
  • Network addresses (IP addresses).
  • Domain names.

Local addresses (MAC addresses) are used in most local area network technologies to identify network interfaces. When talking about TCP/IP, the word local means an interface operating not in a composite network but within a separate subnet. For example, the subnet of an interface connected to the Internet is local, and the Internet itself is the composite network. A local network can be built on any technology, and regardless of that, from the point of view of the composite network a machine located in a separate subnet is called local. Thus, when a packet enters the local network, its IP address is mapped to the local address, and the packet is sent to the MAC address of the network interface.

Network addresses (IP addresses). TCP/IP technology provides its own global addressing of nodes to solve a simple problem - combining networks with different technologies into one large data transmission structure. IP addressing is completely independent of the technology used on the local network, but an IP address allows a network interface to represent a machine on a composite network.

As a result, a system was developed in which hosts are assigned an IP address and a subnet mask. The subnet mask shows how many bits are allocated to the network number, and how many to the host number. An IP address consists of 32 bits, divided into blocks of 8 bits.

When a packet is transmitted, it is assigned information about the network number and the node number to which the packet should be sent. First, the router forwards the packet to the desired subnet, and then a host is selected that is waiting for it. This process is carried out by the Address Resolution Protocol (ARP).

Domain addresses in TCP/IP networks are managed by the specially designed Domain Name System (DNS). For this there are servers that match a domain name, presented as a text string, with an IP address, and the packet is then sent according to global addressing. There is no inherent correspondence between a computer name and an IP address, so to convert a domain name into an IP address the sending device must consult the table maintained on the DNS server. For example, we type the site's address into the browser, the DNS server matches it with the IP address of the server hosting the site, and the browser reads the information it receives in the response.

In addition to the Internet, it is possible to issue domain names to computers. Thus, the process of working on a local network is simplified. There is no need to remember all IP addresses. Instead, you can give each computer any name and use it.

IP address. Format. Components. Subnet mask

An IP address is a 32-bit number which, in the traditional representation, is written as four numbers from 1 to 255 separated by dots.

The same IP address in various notations:

  • Decimal IP address: 192.168.0.10.
  • Binary form of the same IP address: 11000000.10101000.00000000.00001010.
  • The same address in hexadecimal notation: C0.A8.00.0A.

There is no separator between the network ID and the host number in this notation, but the computer is able to separate them. There are three ways to do this:

  1. Fixed border. With this method the entire address is conditionally divided into two parts of fixed length, byte by byte. Thus, if one byte is given to the network number, we get 2^8 networks of 2^24 nodes each. If the border is moved one more byte to the right, there will be more networks, 2^16, and fewer nodes, 2^16. Today this approach is considered obsolete and is not used.
  2. Subnet mask. The mask is used together with an IP address. The mask has ones in the bits allocated to the network number and zeros in the bits of the IP address allocated to the host number. The boundary between ones and zeros in the mask is the boundary between the network ID and the host ID in the IP address.
  3. Address classes. A compromise method. Here network sizes cannot be chosen by the user; instead there are five classes, A, B, C, D and E. Three classes, A, B and C, are intended for networks of various sizes, while D and E are reserved for special-purpose networks. In the class system, each class has its own boundary between the network number and the node ID.

IP Address Classes

Class A includes networks in which the network is identified by the first byte, and the remaining three bytes are the node number. All IP addresses whose first byte is in the range from 1 to 126 belong to class A networks. There are very few class A networks, but each of them can have up to 2^24 nodes.

Class B consists of networks in which the two highest bits are equal to 10. In them, 16 bits are allocated to the network number and 16 to the node identifier. As a result, there are considerably more class B networks than class A networks, but each has fewer nodes, up to 65,536 (2^16).

Class C networks have very few nodes, 2^8 in each, but the number of such networks is huge, because the network identifier in these structures takes up three bytes.

Class D addresses already belong to special networks. They start with the bit sequence 1110 and are called multicast (group) addresses. Interfaces with class A, B and C addresses can be members of a group and receive, in addition to their individual address, a group address.

Class E addresses are reserved for the future. Such addresses begin with the sequence 11110. Most likely, these addresses will be used as group addresses when there is a shortage of IP addresses on the global network.
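The three ways of finding the network/host boundary, and the address notations listed earlier, as an added Python example (not code from the page): fixed_border() gives the network and host counts for the byte-aligned split, split_by_mask() applies a subnet mask with bitwise AND, and address_class() reads the leading bits of the first byte. The sample addresses are constructed; the check that a mask is a contiguous run of ones is an addition a practitioner would want, since a non-contiguous mask silently produces a meaningless network number.

```python
def ip_to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer; rejects anything that is not four octets 0-255."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def to_binary(addr: str) -> str:
    """Binary notation, one 8-bit group per byte."""
    return ".".join(f"{b:08b}" for b in ip_to_int(addr).to_bytes(4, "big"))


def to_hex(addr: str) -> str:
    """Hexadecimal notation, one byte per group."""
    return ".".join(f"{b:02X}" for b in ip_to_int(addr).to_bytes(4, "big"))


def fixed_border(network_bytes: int):
    """Method 1 (fixed border): a byte-aligned split gives (networks, hosts per network)."""
    if not 1 <= network_bytes <= 3:
        raise ValueError("the border must lie between bytes 1 and 3")
    return 2 ** (8 * network_bytes), 2 ** (32 - 8 * network_bytes)


def mask_is_valid(mask: int) -> bool:
    """A mask must be a contiguous run of ones followed by zeros (255.255.0.255 is not)."""
    inv = ~mask & 0xFFFFFFFF
    return inv & (inv + 1) == 0


def split_by_mask(addr: str, mask: str):
    """Method 2 (subnet mask): AND with the mask gives the network id, AND with the
    inverted mask gives the host id. Returns (network address, host number, prefix length)."""
    a, m = ip_to_int(addr), ip_to_int(mask)
    if not mask_is_valid(m):
        raise ValueError(f"non-contiguous mask: {mask}")
    return int_to_ip(a & m), a & ~m & 0xFFFFFFFF, bin(m).count("1")


def address_class(addr: str) -> str:
    """Method 3 (classes): the leading bits of the first byte decide the class."""
    first = ip_to_int(addr) >> 24
    if first & 0x80 == 0x00:
        return "A"          # 0xxxxxxx (first byte 1-126 in practice; 0 and 127 are reserved)
    if first & 0xC0 == 0x80:
        return "B"          # 10xxxxxx
    if first & 0xE0 == 0xC0:
        return "C"          # 110xxxxx
    if first & 0xF0 == 0xE0:
        return "D"          # 1110xxxx, multicast
    return "E"              # 1111xxxx, reserved


CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # network bits implied by each class


def split_by_class(addr: str):
    """Classful split: the class alone fixes the boundary, so no mask is carried."""
    cls = address_class(addr)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError(f"class {cls} addresses have no network/host split")
    prefix = CLASSFUL_PREFIX[cls]
    mask = int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    net, host, _ = split_by_mask(addr, mask)
    return cls, net, host


if __name__ == "__main__":
    addr = "192.168.0.10"                              # constructed sample address
    print(to_binary(addr), to_hex(addr))
    print("fixed border, 1 byte:", fixed_border(1))
    print("mask 255.255.255.0:", split_by_mask(addr, "255.255.255.0"))
    print("classful:", split_by_class(addr))
```

For 192.168.0.10 the mask and the class methods agree (class C, network 192.168.0.0, host 10) because 255.255.255.0 is exactly the classful boundary; with any other mask the two methods give different network numbers, which is the whole point of the subnet mask.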

Setting up the TCP/IP protocol

Setting up the TCP/IP protocol is possible on all operating systems: Linux, CentOS, Mac OS X, FreeBSD, Windows 7. TCP/IP only requires a network adapter. Server operating systems are, of course, capable of more: there TCP/IP is configured extensively through server services. On ordinary desktop computers, IP addresses are set in the network connection settings. There you configure the network address, the gateway (the IP address of the node that has access to the global network), and the addresses of the nodes where the DNS servers are located.

The TCP/IP protocol can be configured manually, although this is not always necessary: the TCP/IP parameters can be obtained automatically from a server that distributes addresses dynamically (DHCP). This method is used in large corporate networks. On the DHCP server you can map a local (MAC) address to a network address, and as soon as a machine with that local address appears on the network, the server will immediately give it the pre-prepared IP address. This process is called reservation.

TCP/IP Address Resolution Protocol

The only way to establish a relationship between a MAC address and an IP address is by maintaining a table. Given a routing table, each network interface knows its own addresses (local and network), but the question arises of how to properly organize the exchange of packets between nodes using the TCP/IP (IPv4) protocol.

Why was the Address Resolution Protocol (ARP) invented? To link the addressing of the TCP/IP protocol family with other addressing systems. An ARP mapping table is created on each node and is populated by polling the network. This happens every time the computer is turned on.

ARP table

This is what an example of a compiled ARP table looks like.
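Since the figure is not reproduced here, below is an added Python example (not the table from the page) that parses a constructed ARP table in the layout of Linux `arp -n` and applies two checks a defender usually wants on such a table: which MACs answer for more than one IP, and which IP-to-MAC bindings changed between two snapshots. The IP and MAC addresses in the sample are made up.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

# Constructed sample in the layout of Linux `arp -n`; the addresses are invented.
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.1              ether   00:11:22:33:44:01   C                     eth0
192.168.0.20             ether   00:11:22:33:44:14   C                     eth0
192.168.0.21             ether   00:11:22:33:44:01   C                     eth0
192.168.0.30                     (incomplete)                              eth0
"""


def parse_arp_table(text: str) -> dict:
    """Return {ip: mac} for resolved entries. The header line and '(incomplete)'
    entries (a request was sent but no reply has arrived yet) are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not IP_RE.fullmatch(fields[0]):
            continue                          # header or blank line
        mac = next((f for f in fields if MAC_RE.fullmatch(f)), None)
        if mac is not None:
            table[fields[0]] = mac.lower()    # normalise case so comparisons work
    return table


def shared_macs(table: dict) -> dict:
    """MACs that answer for more than one IP: {mac: [ip, ...]}. Normal for a router
    that proxies several addresses; otherwise worth a look, because the mapping
    between an interface's IP and its MAC is meant to be one-to-one."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before: dict, after: dict) -> dict:
    """IPs whose MAC differs between two snapshots: {ip: (old_mac, new_mac)}.
    A change in the gateway's binding is the classic thing to alert on."""
    return {ip: (before[ip], after[ip])
            for ip in before if ip in after and before[ip] != after[ip]}


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP)
    for ip, mac in table.items():
        print(f"{ip:<16} {mac}")
    print("shared MACs:", shared_macs(table))
    later = dict(table, **{"192.168.0.20": "00:11:22:33:44:99"})   # constructed second snapshot
    print("changed bindings:", changed_bindings(table, later))
```

On Windows the `arp -a` layout differs (dashes in MACs, a different header), so the parser above would need its regular expression and column handling adjusted; the two checks themselves are layout-independent once a {ip: mac} table exists.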

2024 gtavrl.ru.