
Computer networking and security

Definition - What does Computer Network mean?


A computer network is a group of computer systems and other computing hardware devices that are
linked together through communication channels to facilitate communication and resource-sharing
among a wide range of users. Networks are commonly categorized based on their characteristics.
Example of basic Computer Network:

Basic Computer network components:


Computer networks share common devices, functions, and features including servers, clients,
transmission media, shared data, shared printers and other hardware and software resources,
the network interface card (NIC), the local operating system (LOS), and the network operating
system (NOS).
Servers - Servers are computers that hold shared files, programs, and the network operating
system. Servers provide access to network resources to all the users of the network. There are
many different kinds of servers, and one server can provide several functions. For example,
there are file servers, print servers, mail servers, communication servers, database servers, fax
servers and web servers, to name a few.

Figure 1: Server
Clients - Clients are computers that access and use the network and shared network resources.
Client computers are basically the customers (users) of the network, as they request and receive
services from the servers.

Transmission Media - Transmission media are the facilities used to interconnect computers in a
network, such as twisted-pair wire, coaxial cable, and optical fiber cable. Transmission media are
sometimes called channels, links or lines.

Figure 2: cables

Figure 3: RJ45 connector

Shared data - Shared data are data that file servers provide to clients such as data files, printer
access programs and e-mail.
Shared printers and other peripherals - Shared printers and peripherals are hardware
resources provided to the users of the network by servers. Resources provided include data files,
printers, software, or any other items used by clients on the network.
Network Interface Card - Each computer in a network has a special expansion card called a
network interface card (NIC). The NIC prepares (formats) and sends data, receives data, and
controls data flow between the computer and the network. On the transmit side, the NIC passes
frames of data on to the physical layer, which transmits the data to the physical link. On the
receiver's side, the NIC processes bits received from the physical layer and processes the
message based on its contents.

Figure 4: Network interface card


Local Operating System - A local operating system allows personal computers to access files,
print to a local printer, and have and use one or more disk and CD drives that are located on the
computer. Examples are MS-DOS, UNIX, Linux, Windows 2000, Windows 98, Windows XP,
etc.
Network Operating System - The network operating system is a program that runs on
computers and servers, and allows the computers to communicate over the network.
Hub - Hub is a device that splits a network connection into multiple computers. It is like a
distribution center. When a computer requests information from a network or a specific computer,
it sends the request to the hub through a cable. The hub will receive the request and transmit it to
the entire network. Each computer in the network should then figure out whether the broadcast
data is for them or not.

Switch - A switch is a telecommunication device grouped as one of the computer network
components. A switch is like a hub but built with advanced features. It uses the physical device
address in each incoming message so that it can deliver the message to the right destination
or port.
Unlike a hub, a switch doesn't broadcast the received message to the entire network; rather, before
sending it checks to which system or port the message should be sent. In other words, a switch
connects the source and destination directly, which increases the speed of the network. Both
switch and hub have common features: multiple RJ-45 ports, a power supply and connection lights.

Figure 5: L2 switch

Figure 6: L3 switch

Router - When we talk about computer network components, the other device that is used to
connect a LAN with an internet connection is called a router. When you have two distinct networks
(LANs) or want to share a single internet connection with multiple computers, we use a router. In
most cases, recent routers also include a switch, which in other words means they can also be used
as a switch. You don't need to buy both a switch and a router, particularly if you are installing small
business and home networks. There are two types of router: wired and wireless. The choice depends
on your physical office/home setting, speed and cost.

Figure 7: Routers

Topologies

Diagram of different network topologies.

Two basic categories of network topologies exist, physical topologies and logical topologies.
The cabling layout used to link devices is the physical topology of the network. This refers to the
layout of cabling, the locations of nodes, and the links between the nodes and the cabling.[1] The
physical topology of a network is determined by the capabilities of the network access devices
and media, the level of control or fault tolerance desired, and the cost associated with cabling or
telecommunications circuits.
In contrast, logical topology is the way that the signals act on the network media, or the way that
the data passes through the network from one device to the next without regard to the physical
interconnection of the devices. A network's logical topology is not necessarily the same as its
physical topology. For example, the original twisted pair Ethernet using repeater hubs was a
logical bus topology carried on a physical star topology. Token ring is a logical ring topology, but
is wired as a physical star from the media access unit. Logical topologies are often closely
associated with media access control methods and protocols. Some networks are able to
dynamically change their logical topology through configuration changes to their routers and
switches.

Classification
The study of network topology recognizes eight basic topologies: point-to-point, bus, star, ring or
circular, mesh, tree, hybrid, or daisy chain.

Point-to-point:
The simplest topology with a dedicated link between two endpoints. Easiest to understand, of the
variations of point-to-point topology, is a point-to-point communications channel that appears, to
the user, to be permanently associated with the two endpoints. A child's tin can telephone is one
example of a physical dedicated channel.
Using circuit-switching or packet-switching technologies, a point-to-point circuit can be set up
dynamically and dropped when no longer needed. Switched point-to-point topologies are the
basic model of conventional telephony.
The value of a permanent point-to-point network is unimpeded communications between the two
endpoints. The value of an on-demand point-to-point connection is proportional to the number of
potential pairs of subscribers and has been expressed as Metcalfe's Law.

Bus

Bus network topology

In local area networks where bus topology is used, each node is connected to a single cable, by
the help of interface connectors. This central cable is the backbone of the network and is known
as the bus (thus the name). A signal from the source travels in both directions to all machines
connected on the bus cable until it finds the intended recipient. If the machine address does not
match the intended address for the data, the machine ignores the data. Alternatively, if the data
matches the machine address, the data is accepted. Because the bus topology consists of only
one wire, it is rather inexpensive to implement when compared to other topologies. However, the
low cost of implementing the technology is offset by the high cost of managing the network.
Additionally, because only one cable is utilized, it can be the single point of failure. In this
topology the data being transferred may be accessed by any workstation.
Linear bus: the type of network topology in which all of the nodes of the network are connected to a
common transmission medium which has exactly two endpoints (this is the 'bus', which is also
commonly referred to as the backbone, or trunk). All data that is transmitted between nodes
in the network is transmitted over this common transmission medium and is able to be received
by all nodes in the network simultaneously.
Note: When the electrical signal reaches the end of the bus, the signal is reflected back down
the line, causing unwanted interference. As a solution, the two endpoints of the bus are normally
terminated with a device called a terminator that prevents this reflection.
Distributed bus: the type of network topology in which all of the nodes of the network are connected
to a common transmission medium which has more than two endpoints that are created by adding
branches to the main section of the transmission medium. The physical distributed bus topology
functions in exactly the same fashion as the physical linear bus topology (i.e., all nodes share a
common transmission medium).

Star:

Star network topology

In local area networks with a star topology, each network host is connected to a central hub with
a point-to-point connection. So it can be said that every computer is indirectly connected to every
other node with the help of the hub. In star topology, every node (computer workstation or any
other peripheral) is connected to a central node called a hub, router or switch. The switch is the
server and the peripherals are the clients. The network does not necessarily have to resemble a
star to be classified as a star network, but all of the nodes on the network must be connected to
one central device. All traffic that traverses the network passes through the central hub. The hub
acts as a signal repeater. The star topology is considered the easiest topology to design and
implement. An advantage of the star topology is the simplicity of adding additional nodes. The
primary disadvantage of the star topology is that the hub represents a single point of failure.
Since all peripheral communication must flow through the central hub, the aggregate central
bandwidth forms a network bottleneck for large clusters.
Extended star: a type of network topology in which a network that is based upon the physical star
topology has one or more repeaters between the central node and the peripheral or 'spoke' nodes, the
repeaters being used to extend the maximum transmission distance of the point-to-point links
between the central node and the peripheral nodes beyond that which is supported by the
transmitter power of the central node or beyond that which is supported by the standard upon
which the physical layer of the physical star network is based.
If the repeaters in a network that is based upon the physical extended star topology are replaced
with hubs or switches, then a hybrid network topology is created that is referred to as a physical
hierarchical star topology, although some texts make no distinction between the two topologies.
A further variant is composed of individual networks that are based upon the
physical star topology connected in a linear fashion – i.e., 'daisy-chained' – with no central or top
level connection point (e.g., two or more 'stacked' hubs, along with their associated star
connected nodes or 'spokes').

Ring:

A ring topology is a bus topology in a closed loop. Data travels around the ring in one direction.
When one node sends data to another, the data passes through each intermediate node on the
ring until it reaches its destination. The intermediate nodes repeat (retransmit) the data to keep
the signal strong. Every node is a peer; there is no hierarchical relationship of clients and
servers. If one node is unable to retransmit data, it severs communication between the nodes
before and after it in the bus.
Advantages:

• When the load on the network increases, its performance is better than bus topology.
• There is no need of a network server to control the connectivity between workstations.
Disadvantages:

• Aggregate network bandwidth is bottlenecked by the weakest link between two nodes.
Mesh:
The value of fully meshed networks is proportional to the exponent of the number of subscribers,
assuming that communicating groups of any two endpoints, up to and including all the endpoints,
is approximated by Reed's Law.

Fully connected mesh topology

In a fully connected network, all nodes are interconnected (in graph theory this is called
a complete graph). The simplest fully connected network is a two-node network. A fully
connected network doesn't need to use packet switching or broadcasting, and a failure at one
node does not trip and affect the other nodes in the network. However, since the number of
connections grows quadratically with the number of nodes, this topology is impractical for large
networks.


Partially connected network

Partially connected mesh topology

In a partially connected network, certain nodes are connected to exactly one other node; but
some nodes are connected to two or more other nodes with a point-to-point link. This makes it
possible to make use of some of the redundancy of mesh topology that is physically fully
connected, without the expense and complexity required for a connection between every node in
the network.

Hybrid
Hybrid networks combine two or more topologies in such a way that the resulting network does
not exhibit one of the standard topologies (e.g., bus, star, ring, etc.). For example, a tree
network (or star-bus network) is a hybrid topology in which star networks are interconnected
via bus networks. However, a tree network connected to another tree network is still topologically
a tree network, not a distinct network type. A hybrid topology is always produced when two
different basic network topologies are connected.
A star-ring network consists of two or more ring networks connected using a multistation access
unit (MAU) as a centralized hub.
Snowflake topology is a star network of star networks.
Two other hybrid network types are hybrid mesh and hierarchical star.

Daisy chain
Except for star-based networks, the easiest way to add more computers into a network is
by daisy-chaining, or connecting each computer in series to the next. If a message is intended for
a computer partway down the line, each system bounces it along in sequence until it reaches the
destination. A daisy-chained network can take two basic forms: linear and ring.

• A linear topology puts a two-way link between one computer and the next. However, this
  was expensive in the early days of computing, since each computer (except for the ones at
  each end) required two receivers and two transmitters.
• By connecting the computers at each end, a ring topology can be formed. An advantage of
  the ring is that the number of transmitters and receivers can be cut in half, since a message
  will eventually loop all of the way around. When a node sends a message, the message is
  processed by each computer in the ring. If the ring breaks at a particular link then the
  transmission can be sent via the reverse path thereby ensuring that all nodes are always
  connected in the case of a single failure.

OSI model
The Open Systems Interconnection model (OSI model) is a conceptual model that
characterizes and standardizes the communication functions of a telecommunication or
computing system without regard to its underlying internal structure and technology. Its goal is
the interoperability of diverse communication systems with standard protocols. The model
partitions a communication system into abstraction layers. The original version of the model
defined seven layers.
A layer serves the layer above it and is served by the layer below it. For example, a layer that
provides error-free communications across a network provides the path needed by applications
above it, while it calls the next lower layer to send and receive packets that comprise the
contents of that path. Two instances at the same layer are visualized as connected by
a horizontal connection in that layer.

OSI Model

Layer           | Protocol data unit (PDU)       | Function

Host layers
7. Application  | Data                           | High-level APIs, including resource sharing, remote file access
6. Presentation | Data                           | Translation of data between a networking service and an application; including character encoding, data compression and encryption/decryption
5. Session      | Data                           | Managing communication sessions, i.e. continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes
4. Transport    | Segment (TCP) / Datagram (UDP) | Reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing

Media layers
3. Network      | Packet                         | Structuring and managing a multi-node network, including addressing, routing and traffic control
2. Data link    | Frame                          | Reliable transmission of data frames between two nodes connected by a physical layer
1. Physical     | Bit                            | Transmission and reception of raw bit streams over a physical medium

Description of OSI layer


The recommendation X.200 describes seven layers, labeled 1 to 7. Layer 1 is the lowest layer in
this model.
At each level N, two entities at the communicating devices (layer N peers) exchange protocol
data units (PDUs) by means of a layer N protocol. Each PDU contains a payload, called
the service data unit (SDU), along with protocol-related headers or footers.
Data processing by two communicating OSI-compatible devices is done as such:

1. The data to be transmitted is composed at the topmost layer of the transmitting device
(layer N) into a protocol data unit (PDU).
2. The PDU is passed to layer N-1, where it is known as the service data unit (SDU).
3. At layer N-1 the SDU is concatenated with a header, a footer, or both, producing a layer
N-1 PDU. It is then passed to layer N-2.
4. The process continues until reaching the lowermost level, from which the data is
transmitted to the receiving device.
5. At the receiving device the data is passed from the lowest to the highest layer as a series
of SDUs while being successively stripped from each layer's header or footer, until
reaching the topmost layer, where the last of the data is consumed.
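The five-step procedure above, as an added Python example that is not part of the original document: each layer turns the SDU handed down from the layer above into its own PDU by adding a header (and, at the data-link layer, a footer), and the receiver strips them from the bottom up while checking the integrity fields on the way. The header layouts (an IPv4-style network header with its ones' complement checksum, a simplified 8-byte transport header, an Ethernet-style frame with a CRC-32 trailer) and the sample addresses are constructed for illustration, not a standards-conformant stack.

```python
import struct
import zlib

# Constructed sample addresses: TEST-NET-1 hosts and locally administered MACs.
SRC_IP = bytes([192, 0, 2, 10])
DST_IP = bytes([192, 0, 2, 20])
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement checksum of `data`, as used for the IPv4 header.
    A header whose checksum field is already filled in sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


# Steps 1-3, top down: each function takes the layer's SDU and returns its PDU.
def to_segment(src_port: int, dst_port: int, sdu: bytes) -> bytes:
    """Layer 4 PDU (segment): simplified 8-byte header = ports, total length, reserved."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(sdu), 0) + sdu


def to_packet(src_ip: bytes, dst_ip: bytes, sdu: bytes) -> bytes:
    """Layer 3 PDU (packet): 20-byte IPv4-style header with a computed header checksum."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(sdu),  # version 4 / IHL 5, DSCP, total length
                         0, 0,                    # identification, flags + fragment offset
                         64, 6, 0,                # TTL, protocol 6 (TCP), checksum placeholder
                         src_ip, dst_ip)
    checksum = ones_complement_sum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + sdu


def to_frame(dst_mac: bytes, src_mac: bytes, sdu: bytes) -> bytes:
    """Layer 2 PDU (frame): 14-byte Ethernet-style header plus a CRC-32 footer (FCS)."""
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + sdu  # EtherType 0x0800 = IPv4
    return body + struct.pack("!I", zlib.crc32(body))


# Step 5, bottom up: each function checks its layer's integrity field and returns the SDU.
def from_frame(frame: bytes) -> bytes:
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("frame check sequence mismatch")
    return body[14:]


def from_packet(packet: bytes) -> bytes:
    if ones_complement_sum(packet[:20]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    return packet[20:]


def from_segment(segment: bytes) -> bytes:
    _, _, length, _ = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        raise ValueError("segment length mismatch")
    return segment[8:]


def transmit(app_data: bytes) -> dict:
    """Run the encapsulation steps and return every layer's PDU so the nesting is visible."""
    segment = to_segment(40000, 443, app_data)
    packet = to_packet(SRC_IP, DST_IP, segment)
    frame = to_frame(DST_MAC, SRC_MAC, packet)
    return {"segment": segment, "packet": packet, "frame": frame}


def receive(frame: bytes) -> bytes:
    """Strip the data-link, network and transport headers/footer, in that order."""
    return from_segment(from_packet(from_frame(frame)))


def corruption_detected(pdu: bytes, offset: int, decoder) -> bool:
    """Flip one bit of `pdu` at `offset` and report whether `decoder` rejects it."""
    damaged = bytearray(pdu)
    damaged[offset] ^= 0x01
    try:
        decoder(bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pdus = transmit(b"hello")
    for name in ("segment", "packet", "frame"):
        print(f"{name:8s} {len(pdus[name]):3d} bytes  {pdus[name].hex()}")
    print("round trip:", receive(pdus["frame"]))
```

Note that the simplified transport header carries no checksum, so a bit flip in the payload is caught only by the frame's CRC; a real TCP segment carries its own checksum for exactly that reason.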

Some orthogonal aspects, such as management and security, involve all of the layers (See ITU-
T X.800 Recommendation). These services are aimed at improving the CIA
triad - confidentiality, integrity, and availability - of the transmitted data. In practice, the availability
of a communication service is determined by the interaction between network
design and network management protocols. Appropriate choices for both of these are needed to
protect against denial of service.

Layer 1: Physical Layer


The physical layer defines the electrical and physical specifications of the data connection. It
defines the relationship between a device and a physical transmission medium (for example,
an electrical cable, an optical fiber cable, or a radio frequency link). This includes the layout
of pins, voltages, line impedance, cable specifications, signal timing and similar characteristics
for connected devices and frequency (5 GHz or 2.4 GHz etc.) for wireless devices. It is
responsible for transmission and reception of unstructured raw data in a physical medium. Bit
rate control is done at the physical layer. It may define transmission mode as simplex, half
duplex, and full duplex. It defines the network topology, with bus, mesh, and ring being some of the
most common.
The physical layer is the layer of low-level networking equipment, such as some hubs, cabling,
and repeaters. The physical layer is never concerned with protocols or other such higher-layer
items. Examples of hardware in this layer are network adapters, repeaters, network hubs,
modems, and fiber media converters.

Layer 2: Data Link Layer


The data link layer provides node-to-node data transfer—a link between two directly connected
nodes. It detects and possibly corrects errors that may occur in the physical layer. It defines the
protocol to establish and terminate a connection between two physically connected devices. It
also defines the protocol for flow control between them.
IEEE 802 divides the data link layer into two sublayers:

 Medium access control (MAC) layer – responsible for controlling how devices in a network
gain access to a medium and permission to transmit data.
 Logical link control (LLC) layer – responsible for identifying and encapsulating network layer
protocols, and controls error checking and frame synchronization.
The MAC and LLC layers of IEEE 802 networks such as 802.3 Ethernet, 802.11 Wi-Fi,
and 802.15.4 ZigBee operate at the data link layer.
The Point-to-Point Protocol (PPP) is a data link layer protocol that can operate over several
different physical layers, such as synchronous and asynchronous serial lines.
The ITU-T G.hn standard, which provides high-speed local area networking over existing wires
(power lines, phone lines and coaxial cables), includes a complete data link layer that provides
both error correction and flow control by means of a selective-repeat sliding-window protocol.

Layer 3: Network Layer


The network layer provides the functional and procedural means of transferring variable
length data sequences (called datagrams) from one node to another connected in "different
networks". A network is a medium to which many nodes can be connected, on which every node
has an address and which permits nodes connected to it to transfer messages to other nodes
connected to it by merely providing the content of a message and the address of the destination
node and letting the network find the way to deliver the message to the destination node,
possibly routing it through intermediate nodes. If the message is too large to be transmitted from
one node to another on the data link layer between those nodes, the network may implement
message delivery by splitting the message into several fragments at one node, sending the
fragments independently, and reassembling the fragments at another node. It may, but does not
need to, report delivery errors.

Message delivery at the network layer is not necessarily guaranteed to be reliable; a network
layer protocol may provide reliable message delivery, but it need not do so.
A number of layer-management protocols, a function defined in the management annex, ISO
7498/4, belong to the network layer. These include routing protocols, multicast group
management, network-layer information and error, and network-layer address assignment. It is
the function of the payload that makes these belong to the network layer, not the protocol that
carries them.

Layer 4: Transport Layer


The transport layer provides the functional and procedural means of transferring variable-length
data sequences from a source to a destination host via one or more networks, while maintaining
the quality of service functions.
An example of a transport-layer protocol in the standard Internet stack is Transmission Control
Protocol (TCP), usually built on top of the Internet Protocol (IP).
The transport layer controls the reliability of a given link through flow
control, segmentation/desegmentation, and error control. Some protocols are state- and
connection-oriented. This means that the transport layer can keep track of the segments and re-
transmit those that fail. The transport layer also provides the acknowledgement of the successful
data transmission and sends the next data if no errors occurred. The transport layer creates
packets out of the message received from the application layer. Packetizing is a process of
dividing the long message into smaller messages.
OSI defines five classes of connection-mode transport protocols ranging from class 0 (which is
also known as TP0 and provides the fewest features) to class 4 (TP4, designed for less reliable
networks, similar to the Internet). Class 0 contains no error recovery, and was designed for use
on network layers that provide error-free connections. Class 4 is closest to TCP, although TCP
contains functions, such as the graceful close, which OSI assigns to the session layer. Also, all
OSI TP connection-mode protocol classes provide expedited data and preservation of record
boundaries. Detailed characteristics of TP0-4 classes are shown in the following table:[7]

Feature name                                                TP0  TP1  TP2  TP3  TP4
Connection-oriented network                                 Yes  Yes  Yes  Yes  Yes
Connectionless network                                      No   No   No   No   Yes
Concatenation and separation                                No   Yes  Yes  Yes  Yes
Segmentation and reassembly                                 Yes  Yes  Yes  Yes  Yes
Error recovery                                              No   Yes  Yes  Yes  Yes
Reinitiate connection (a)                                   No   Yes  No   Yes  No
Multiplexing / demultiplexing over single virtual circuit   No   No   Yes  Yes  Yes
Explicit flow control                                       No   No   Yes  Yes  Yes
Retransmission on timeout                                   No   No   No   No   Yes
Reliable transport service                                  No   Yes  No   Yes  Yes

(a) If an excessive number of PDUs are unacknowledged.

An easy way to visualize the transport layer is to compare it with a post office, which deals with
the dispatch and classification of mail and parcels sent. Do remember, however, that a post
office manages the outer envelope of mail. Higher layers may have the equivalent of double
envelopes, such as cryptographic presentation services that can be read by the addressee only.
Roughly speaking, tunneling protocols operate at the transport layer, such as carrying non-IP
protocols such as IBM's SNA or Novell's IPX over an IP network, or end-to-end encryption
with IPsec. While Generic Routing Encapsulation (GRE) might seem to be a network-layer
protocol, if the encapsulation of the payload takes place only at the endpoint, GRE becomes closer
to a transport protocol that uses IP headers but contains complete frames or packets to deliver to
an endpoint. L2TP carries PPP frames inside transport packets.
Although not developed under the OSI Reference Model and not strictly conforming to the OSI
definition of the transport layer, the Transmission Control Protocol (TCP) and the User Datagram
Protocol (UDP) of the Internet Protocol Suite are commonly categorized as layer-4 protocols
within OSI.

Layer 5: Session Layer


The session layer controls the dialogues (connections) between computers. It establishes,
manages and terminates the connections between the local and remote application. It provides
for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment,
termination, and restart procedures. The OSI model made this layer responsible for graceful
close of sessions, which is a property of the Transmission Control Protocol, and also for session
checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The session
layer is commonly implemented explicitly in application environments that use remote procedure
calls.

Layer 6: Presentation Layer


The presentation layer establishes context between application-layer entities, in which the
application-layer entities may use different syntax and semantics if the presentation service
provides a mapping between them. If a mapping is available, presentation service data units are
encapsulated into session protocol data units and passed down the protocol stack.
This layer provides independence from data representation by translating between application
and network formats. The presentation layer transforms data into the form that the application
accepts. This layer formats data to be sent across a network. It is sometimes called the syntax
layer.[8] The presentation layer can include compression functions.[9] The presentation layer
negotiates the transfer syntax.
The original presentation structure used the Basic Encoding Rules of Abstract Syntax Notation
One (ASN.1), with capabilities such as converting an EBCDIC-coded text file to an ASCII-coded
file, or serialization of objects and other data structures from and to XML. ASN.1 effectively
makes an application protocol invariant with respect to syntax.

Layer 7: Application Layer


The application layer is the OSI layer closest to the end user, which means both the OSI
application layer and the user interact directly with the software application. This layer interacts
with software applications that implement a communicating component. Such application
programs fall outside the scope of the OSI model. Application-layer functions typically include
identifying communication partners, determining resource availability, and synchronizing
communication. When identifying communication partners, the application layer determines the
identity and availability of communication partners for an application with data to transmit. The
most important distinction in the application layer is the distinction between the application-entity
and the application. For example, a reservation website might have two application-entities: one
using HTTP to communicate with its users, and one for a remote database protocol to record
reservations. Neither of these protocols have anything to do with reservations. That logic is in the
application itself. The application layer per se has no means to determine the availability of
resources in the network.

IPv4
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of
the core protocols of standards-based internetworking methods in the Internet, and was the first
version deployed for production in the ARPANET in 1983. It still routes most Internet traffic
today, despite the ongoing deployment of a successor protocol, IPv6. IPv4 is described
in IETF publication RFC 791 (September 1981), replacing an earlier definition (RFC 760, January
1980).
IPv4 is a connectionless protocol for use on packet-switched networks. It operates on a best
effort delivery model, in that it does not guarantee delivery, nor does it assure proper sequencing
or avoidance of duplicate delivery. These aspects, including data integrity, are addressed by
an upper layer transport protocol, such as the Transmission Control Protocol (TCP).

Addressing

Decomposition of the quad-dotted IPv4 address representation to its binary value

IPv4 uses 32-bit addresses which limits the address space to 4294967296 (2^32) addresses.
IPv4 reserves special address blocks for private networks (~18 million addresses)
and multicast addresses (~270 million addresses).

Address representations
IPv4 addresses may be represented in any notation expressing a 32-bit integer value. They are
most often written in the dot-decimal notation, which consists of four octets of the address
expressed individually in decimal numbers and separated by periods. The CIDR
notation standard combines the address with its routing prefix in a compact format, in which the
address is followed by a slash character (/) and the count of consecutive 1 bits in the routing
prefix (subnet mask).
For example, the quad-dotted IP address 192.0.2.235 represents the 32-bit decimal number
3221226219, which in hexadecimal format is 0xC00002EB. This may also be expressed in
dotted hex format as 0xC0.0x00.0x02.0xEB, or with octal byte values as 0300.0000.0002.0353.

Allocation
In the original design of IPv4, an IP address was divided into two parts: the network identifier was
the most significant (highest order) octet of the address, and the host identifier was the rest of the
address. The latter was also called the rest field. This structure permitted a maximum of 256
network identifiers, which was quickly found to be inadequate.
To overcome this limit, the most-significant address octet was redefined in 1981 to
create network classes, in a system which later became known as classful networking. The
revised system defined five classes. Classes A, B, and C had different bit lengths for network
identification. The rest of the address was used as previously to identify a host within a network,
which meant that each network class had a different capacity for addressing hosts. Class D was
defined for multicast addressing and Class E was reserved for future applications.
Starting around 1985, methods were devised to subdivide IP networks. One method that has
proved flexible is the use of the variable-length subnet mask (VLSM). Based on the IETF
standard RFC 1517 published in 1993, this system of classes was officially replaced
with Classless Inter-Domain Routing (CIDR), which expressed the number of bits (from the most
significant) as, for instance, /24, and the class-based scheme was dubbed classful, by contrast.
CIDR was designed to permit repartitioning of any address space so that smaller or larger blocks
of addresses could be allocated to users. The hierarchical structure created by CIDR is managed
by the Internet Assigned Numbers Authority (IANA) and the regional Internet registries (RIRs).
Each RIR maintains a publicly searchable WHOIS database that provides information about IP
address assignments.

Special-use addresses
The Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority (IANA)
have restricted from general use various reserved IP addresses for special purposes. Some are
used for maintenance of routing tables, for multicast traffic, operation under failure modes, or to
provide addressing space for public, unrestricted uses on private networks.

Reserved address blocks

Range               Description                                      Reference
0.0.0.0/8           Current network (only valid as source address)   RFC 6890
10.0.0.0/8          Private network                                  RFC 1918
100.64.0.0/10       Shared address space for carrier-grade NAT       RFC 6598
127.0.0.0/8         Loopback                                         RFC 6890
169.254.0.0/16      Link-local                                       RFC 3927
172.16.0.0/12       Private network                                  RFC 1918
192.0.0.0/24        IETF Protocol Assignments                        RFC 6890
192.0.2.0/24        TEST-NET-1, documentation and examples           RFC 5737
192.88.99.0/24      IPv6 to IPv4 relay (includes 2002::/16)          RFC 3068
192.168.0.0/16      Private network                                  RFC 1918
198.18.0.0/15       Network benchmark tests                          RFC 2544
198.51.100.0/24     TEST-NET-2, documentation and examples           RFC 5737
203.0.113.0/24      TEST-NET-3, documentation and examples           RFC 5737
224.0.0.0/4         IP multicast (former Class D network)            RFC 5771
240.0.0.0/4         Reserved (former Class E network)                RFC 1700
255.255.255.255     Broadcast                                        RFC 919

Private networks
Of the approximately four billion addresses defined in IPv4, three ranges are reserved for use
in private networks. Packets with addresses in these ranges are not routable on the public Internet,
because they are ignored by all public routers. Therefore, private hosts cannot directly
communicate with public networks, but require network address translation at a routing gateway
for this purpose.

Name           Address range                   Number of addresses   Classful description                     Largest CIDR block
24-bit block   10.0.0.0 – 10.255.255.255       16777216              Single Class A                           10.0.0.0/8
20-bit block   172.16.0.0 – 172.31.255.255     1048576               Contiguous range of 16 Class B blocks    172.16.0.0/12
16-bit block   192.168.0.0 – 192.168.255.255   65536                 Contiguous range of 256 Class C blocks   192.168.0.0/16

Since two private networks, e.g., two branch offices, cannot directly interoperate via the public
Internet, the two networks must be bridged across the Internet via a virtual private network (VPN)
or an IP tunnel, which encapsulate the packet in a protocol layer during transmission across the
public network. Additionally, encapsulated packets may be encrypted for the transmission across
public networks to secure the data.
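As an added example that is not part of the original text, the reserved blocks from the table above turned into the ingress check a border router or firewall applies: a packet arriving from the public Internet whose source address lies in any of these blocks (private, loopback, link-local, documentation, multicast and so on) cannot have been sent legitimately and is treated as spoofed. The flow records and the address 203.0.114.1 (simply an address outside every listed block) are constructed sample data; function names are my own.

```python
import ipaddress

# Reserved IPv4 blocks exactly as listed in the table above (range, description, RFC).
RESERVED_BLOCKS = [
    ("0.0.0.0/8",          "Current network (only valid as source address)", "RFC 6890"),
    ("10.0.0.0/8",         "Private network",                                "RFC 1918"),
    ("100.64.0.0/10",      "Shared address space for carrier-grade NAT",     "RFC 6598"),
    ("127.0.0.0/8",        "Loopback",                                       "RFC 6890"),
    ("169.254.0.0/16",     "Link-local",                                     "RFC 3927"),
    ("172.16.0.0/12",      "Private network",                                "RFC 1918"),
    ("192.0.0.0/24",       "IETF Protocol Assignments",                      "RFC 6890"),
    ("192.0.2.0/24",       "TEST-NET-1, documentation and examples",         "RFC 5737"),
    ("192.88.99.0/24",     "IPv6 to IPv4 relay",                             "RFC 3068"),
    ("192.168.0.0/16",     "Private network",                                "RFC 1918"),
    ("198.18.0.0/15",      "Network benchmark tests",                        "RFC 2544"),
    ("198.51.100.0/24",    "TEST-NET-2, documentation and examples",         "RFC 5737"),
    ("203.0.113.0/24",     "TEST-NET-3, documentation and examples",         "RFC 5737"),
    ("224.0.0.0/4",        "IP multicast (former Class D network)",          "RFC 5771"),
    ("240.0.0.0/4",        "Reserved (former Class E network)",              "RFC 1700"),
    ("255.255.255.255/32", "Broadcast",                                      "RFC 919"),
]

# Longest prefix first, so 255.255.255.255 matches "Broadcast" rather than the
# enclosing 240.0.0.0/4 block.
_NETWORKS = sorted(
    ((ipaddress.IPv4Network(cidr), desc, rfc) for cidr, desc, rfc in RESERVED_BLOCKS),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)


def classify(addr: str):
    """Return (cidr, description, rfc) for the most specific reserved block
    containing addr, or None when addr lies in none of them."""
    ip = ipaddress.IPv4Address(addr)
    for net, desc, rfc in _NETWORKS:
        if ip in net:
            return (str(net), desc, rfc)
    return None


def is_private(addr: str) -> bool:
    """True for the three RFC 1918 ranges discussed under 'Private networks'."""
    hit = classify(addr)
    return hit is not None and hit[2] == "RFC 1918"


def filter_border_sources(records):
    """Ingress filter for flows arriving from the public Internet.

    records: iterable of (src, dst) address pairs (constructed sample data).
    A reserved block as a *source* cannot legitimately originate outside our
    own network, so such records are reported as spoofed ("bogon") traffic.
    Returns the list of (src, dst, reason) a border router should drop.
    """
    dropped = []
    for src, dst in records:
        hit = classify(src)
        if hit is not None:
            dropped.append((src, dst, hit[1]))
    return dropped


# Constructed sample flow records seen at the border, outside -> inside.
SAMPLE_FLOWS = [
    ("203.0.114.1", "203.0.114.2"),      # ordinary public source: keep
    ("10.1.2.3", "203.0.114.2"),         # RFC 1918 source from outside: spoofed
    ("127.0.0.1", "203.0.114.2"),        # loopback source: spoofed
    ("100.64.5.9", "203.0.114.2"),       # carrier-grade NAT space: spoofed
    ("255.255.255.255", "203.0.114.2"),  # broadcast as source: spoofed
]

if __name__ == "__main__":
    for src, dst, reason in filter_border_sources(SAMPLE_FLOWS):
        print(f"drop {src} -> {dst}: {reason}")
```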

Link-local addressing
RFC 3927 defines the special address block 169.254.0.0/16 for link-local addressing. These
addresses are only valid on links (such as a local network segment or point-to-point connection)
connected to a host. These addresses are not routable. Like private addresses, these addresses
cannot be the source or destination of packets traversing the internet. These addresses are
primarily used for address autoconfiguration (Zeroconf) when a host cannot obtain an IP address
from a DHCP server or other internal configuration methods.
When the address block was reserved, no standards existed for address
autoconfiguration. Microsoft created an implementation called Automatic Private IP Addressing
(APIPA), which was deployed on millions of machines and became a de facto standard. Many
years later, in May 2005, the IETF defined a formal standard in RFC 3927, entitled Dynamic
Configuration of IPv4 Link-Local Addresses.

Loopback
The class A network 127.0.0.0 (classless network 127.0.0.0/8) is reserved for loopback. IP
packets whose source addresses belong to this network should never appear outside a host.
The modus operandi of this network expands upon that of a loopback interface:

• IP packets whose source and destination addresses belong to the network (or subnetwork) of the same loopback interface are returned to that interface;
• IP packets whose source and destination addresses belong to networks (or subnetworks) of different interfaces of the same host, one of them being a loopback interface, are forwarded regularly.
Addresses ending in 0 or 255
Networks with subnet masks of at least 24 bits, i.e. Class C networks in classful networking, and
networks with CIDR suffixes /24 to /32 (255.255.255.0–255.255.255.255) may not have an
address ending in 0 or 255.
Classful addressing prescribed only three possible subnet masks: Class A, 255.0.0.0 or /8; Class
B, 255.255.0.0 or /16; and Class C, 255.255.255.0 or /24. For example, in the subnet
192.168.5.0/255.255.255.0 (192.168.5.0/24) the identifier 192.168.5.0 commonly is used to refer
to the entire subnet. To avoid ambiguity in representation, the address ending in the octet 0 is
reserved.
A broadcast address is an address that allows information to be sent to all interfaces in a given
subnet, rather than a specific machine. Generally, the broadcast address is found by obtaining
the bit complement of the subnet mask and performing a bitwise OR operation with the network
identifier. In other words, the broadcast address is the last address in the address range of the
subnet. For example, the broadcast address for the network 192.168.5.0 is 192.168.5.255. For
networks of size /24 or larger, the broadcast address always ends in 255.
However, this does not mean that every address ending in 0 or 255 cannot be used as a host
address. For example, in the /16 subnet 192.168.0.0/255.255.0.0, which is equivalent to the
address range 192.168.0.0–192.168.255.255, the broadcast address is 192.168.255.255. One
can use the following addresses for hosts, even though they end with 255: 192.168.1.255,
192.168.2.255, etc. Also, 192.168.0.0 is the network identifier and must not be assigned to an
interface.[4] The addresses 192.168.1.0, 192.168.2.0, etc., may be assigned, despite ending with
0.
In the past, conflict between network addresses and broadcast addresses arose because some
software used non-standard broadcast addresses with zeros instead of ones.[5]
In networks smaller than /24, broadcast addresses do not necessarily end with 255. For
example, a CIDR subnet 203.0.113.16/28 has the broadcast address 203.0.113.31.

Address resolution
Hosts on the Internet are usually known by names, e.g., www.example.com, not primarily by their
IP address, which is used for routing and network interface identification. The use of domain
names requires translating, called resolving, them to addresses and vice versa. This is
analogous to looking up a phone number in a phone book using the recipient's name.
The translation between addresses and domain names is performed by the Domain Name
System (DNS), a hierarchical, distributed naming system which allows for subdelegation of name
spaces to other DNS servers.

Address space exhaustion


Since the 1980s, it was apparent that the pool of available IPv4 addresses was being depleted at
a rate that was not initially anticipated in the original design of the network address system.[6] The
main market forces which accelerated IPv4 address depletion included:

• Rapidly growing number of Internet users
• Always-on devices — ADSL modems, cable modems
• Mobile devices — laptop computers, PDAs, mobile phones.
The threat of exhaustion motivated the introduction of a number of remedial technologies, such
as classful networks, Classless Inter-Domain Routing (CIDR) methods, network address
translation (NAT) and strict usage-based allocation policies. To provide a long-term solution to
the pending address exhaustion, IPv6 was created in the 1990s, which made many more
addresses available by increasing the address size to 128 bits. IPv6 has been in commercial
deployment since 2006.
The primary address pool of the Internet, maintained by IANA, was exhausted on 3 February
2011, when the last 5 blocks were allocated to the 5 RIRs. APNIC was the first RIR to exhaust its
regional pool on 15 April 2011, except for a small amount of address space reserved for the
transition to IPv6, which will be allocated under a much more restricted policy.
The accepted and standard long term solution is to use IPv6 which increased the address size to
128 bits, providing a vastly increased address space that also allows improved route aggregation
across the Internet and offers large subnetwork allocations of a minimum of 2^64 host addresses to
end-users. However IPv4-only hosts cannot directly communicate with IPv6-only hosts so IPv6
alone does not provide an immediate solution to the IPv4 exhaustion problem. Migration to IPv6
is in progress but completion is expected to take considerable time.

Packet structure
An IP packet consists of a header section and a data section.
An IP packet has no data checksum or any other footer after the data section. Typically the link
layer encapsulates IP packets in frames with a CRC footer that detects most errors, and typically
the end-to-end TCP layer checksum detects most other errors.[10]

Header
The IPv4 packet header consists of 14 fields, of which 13 are required. The 14th field is optional
and aptly named: options. The fields in the header are packed with the most significant byte first
(big endian), and for the diagram and discussion, the most significant bits are considered to
come first (MSB 0 bit numbering). The most significant bit is numbered 0, so the version field is
actually found in the four most significant bits of the first byte, for example.
IPv4 Header Format

Offsets  Octet  0                       1                       2                       3
Octet    Bit    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0        0      Version | IHL        | DSCP          | ECN   | Total Length
4        32     Identification                       | Flags | Fragment Offset
8        64     Time To Live         | Protocol      | Header Checksum
12       96     Source IP Address
16       128    Destination IP Address
20       160    Options (if IHL > 5)
24       192
28       224
32       256

Version
The first header field in an IP packet is the four-bit version field. For IPv4, this is always
equal to 4.
Internet Header Length (IHL)
The Internet Header Length (IHL) field has 4 bits, which is the number of 32-bit words.
Since an IPv4 header may contain a variable number of options, this field specifies the
size of the header (this also coincides with the offset to the data). The minimum value for
this field is 5, which indicates a length of 5 × 32 bits = 160 bits = 20 bytes. As a 4-bit field,
the maximum value is 15 words (15 × 32 bits, or 480 bits = 60 bytes).
Differentiated Services Code Point (DSCP)
Originally defined as the Type of service (ToS) field. This field is now defined by RFC
2474 (updated by RFC 3168 and RFC 3260) for Differentiated services (DiffServ). New
technologies are emerging that require real-time data streaming and therefore make use
of the DSCP field. An example is Voice over IP (VoIP), which is used for interactive data
voice exchange.
Explicit Congestion Notification (ECN)
This field is defined in RFC 3168 and allows end-to-end notification of network
congestion without dropping packets. ECN is an optional feature that is only used when
both endpoints support it and are willing to use it. It is only effective when supported by
the underlying network.
Total Length
This 16-bit field defines the entire packet size in bytes, including header and data. The
minimum size is 20 bytes (header without data) and the maximum is 65,535 bytes. All
hosts are required to be able to reassemble datagrams of size up to 576 bytes, but most
modern hosts handle much larger packets. Sometimes links impose further restrictions
on the packet size, in which case datagrams must be fragmented. Fragmentation in IPv4
is handled in either the host or in routers.
Identification
This field is an identification field and is primarily used for uniquely identifying the group
of fragments of a single IP datagram. Some experimental work has suggested using the
ID field for other purposes, such as for adding packet-tracing information to help trace
datagrams with spoofed source addresses,[12] but RFC 6864 now prohibits any such use.
Flags
A three-bit field follows and is used to control or identify fragments. They are (in order,
from most significant to least significant):

• bit 0: Reserved; must be zero.[note 1]
• bit 1: Don't Fragment (DF)
• bit 2: More Fragments (MF)
If the DF flag is set, and fragmentation is required to route the packet, then the packet is
dropped. This can be used when sending packets to a host that does not have sufficient
resources to handle fragmentation. It can also be used for Path MTU Discovery, either
automatically by the host IP software, or manually using diagnostic tools such
as ping or traceroute. For unfragmented packets, the MF flag is cleared. For fragmented
packets, all fragments except the last have the MF flag set. The last fragment has a non-
zero Fragment Offset field, differentiating it from an unfragmented packet.
Fragment Offset
The fragment offset field is measured in units of eight-byte blocks. It is 13 bits long and
specifies the offset of a particular fragment relative to the beginning of the original
unfragmented IP datagram. The first fragment has an offset of zero. This allows a
maximum offset of (2^13 – 1) × 8 = 65,528 bytes, which would exceed the maximum IP
packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548
bytes).
Time To Live (TTL)
An eight-bit time to live field helps prevent datagrams from persisting (e.g. going in
circles) on an internet. This field limits a datagram's lifetime. It is specified in seconds, but
time intervals less than 1 second are rounded up to 1. In practice, the field has become
a hop count—when the datagram arrives at a router, the router decrements the TTL field
by one. When the TTL field hits zero, the router discards the packet and typically sends
an ICMP Time Exceeded message to the sender. The program traceroute uses these
ICMP Time Exceeded messages to print the routers used by packets to go from the
source to the destination.
Protocol
This field defines the protocol used in the data portion of the IP datagram. The Internet
Assigned Numbers Authority maintains a list of IP protocol numbers which was originally
defined in RFC 790.
Header Checksum
The 16-bit checksum field is used for error-checking of the header. When a packet
arrives at a router, the router calculates the checksum of the header and compares it to
the checksum field. If the values do not match, the router discards the packet. Errors in
the data field must be handled by the encapsulated protocol. Both UDP and TCP have
checksum fields.
When a packet arrives at a router, the router decreases the TTL field. Consequently, the
router must calculate a new checksum. RFC 791 defines the checksum calculation:
The checksum field is the 16-bit one's complement of the one's complement sum of all
16-bit words in the header. For purposes of computing the checksum, the value of the
checksum field is zero.
For example, consider the 20-byte IP header hex 4500 0030 4422 4000 8006 0000 8C7C 19AC AE24 1E2B,
using a machine which uses standard two's complement arithmetic:

• 0x4500 + 0x0030 + 0x4422 + 0x4000 + 0x8006 + 0x0000 + 0x8C7C + 0x19AC + 0xAE24 + 0x1E2B = 0x0002BBCF (32-bit sum)
• 0x0002 + 0xBBCF = 0xBBD1 = binary 1011 1011 1101 0001 (1's complement 16-bit sum, formed by "end around carry" of the 32-bit 2's complement sum)
• ~0xBBD1 = binary 0100 0100 0010 1110 = 0x442E (1's complement of the 1's complement 16-bit sum)

To validate a header's checksum the same algorithm may be used – the checksum of a
header which contains a correct checksum field is a word containing all zeros (value 0):

• 0x4500 + 0x0030 + 0x4422 + 0x4000 + 0x8006 + 0x442E + 0x8C7C + 0x19AC + 0xAE24 + 0x1E2B = 0x2FFFD
• 0x0002 + 0xFFFD = 0xFFFF
• ~0xFFFF = 0x0000
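Added example, not code from the original text: a parser for the header layout described above that checks the IHL and Total Length fields before trusting them, the RFC 791 checksum computed and verified on the page's own 20-byte header, and the TTL decrement with checksum recomputation a router performs when it forwards. The header bytes are the worked example above with its checksum field still zero; the function names are my own.

```python
import struct

# Constructed from the worked example above: the 20-byte header
# 4500 0030 4422 4000 8006 0000 8C7C 19AC AE24 1E2B, checksum field still zero.
EXAMPLE_HEADER = bytes.fromhex("4500003044224000800600008C7C19ACAE241E2B")


def ones_complement_sum(data: bytes) -> int:
    """One's-complement sum of the 16-bit big-endian words in data (RFC 791):
    add as ordinary integers, then fold the carries back in ("end around carry")."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd trailing byte with zero
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Checksum to write into bytes 10-11; that field counts as zero while summing."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def checksum_is_valid(header: bytes) -> bool:
    """A header carrying a correct checksum sums to 0xFFFF, so its complement is 0."""
    return ((~ones_complement_sum(header)) & 0xFFFF) == 0


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte part of the header; raise on malformed input
    rather than trusting IHL or Total Length blindly."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header needs at least 20 bytes")
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version field is {version}")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    hdr_len = ihl * 4
    if len(packet) < hdr_len or total_len < hdr_len:
        raise ValueError("IHL and Total Length disagree with the bytes present")
    return {
        "version": version, "ihl": ihl, "header_length": hdr_len,
        "dscp": dscp_ecn >> 2, "ecn": dscp_ecn & 0x03,
        "total_length": total_len, "identification": ident,
        # flags occupy the top three bits: bit 0 reserved, bit 1 DF, bit 2 MF;
        # the remaining 13 bits hold the fragment offset in 8-byte units
        "reserved_flag": bool(flags_frag & 0x8000),
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "header_checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:hdr_len],       # present only when IHL > 5
        "checksum_ok": checksum_is_valid(packet[:hdr_len]),
    }


def forward_hop(header: bytes) -> bytes:
    """What a router does on forwarding: decrement TTL and recompute the checksum."""
    if header[8] == 0:
        raise ValueError("TTL already zero: packet must be discarded, not forwarded")
    out = bytearray(header)
    out[8] -= 1
    out[10:12] = ipv4_checksum(bytes(out)).to_bytes(2, "big")
    return bytes(out)
```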
Source address
This field is the IPv4 address of the sender of the packet. Note that this address may be
changed in transit by a network address translation device.
Destination address
This field is the IPv4 address of the receiver of the packet. As with the source address,
this may be changed in transit by a network address translation device.
Options
The options field is not often used. Note that the value in the IHL field must include
enough extra 32-bit words to hold all the options (plus any padding needed to ensure that
the header contains an integer number of 32-bit words). The list of options may be
terminated with an EOL (End of Options List, 0x00) option; this is only necessary if the
end of the options would not otherwise coincide with the end of the header. The possible
options that can be put in the header are as follows:

Field          Size (bits)  Description
Copied         1            Set to 1 if the options need to be copied into all fragments of a fragmented packet.
Option Class   2            A general options category. 0 is for "control" options, and 2 is for "debugging and measurement". 1 and 3 are reserved.
Option Number  5            Specifies an option.
Option Length  8            Indicates the size of the entire option (including this field). This field may not exist for simple options.
Option Data    Variable     Option-specific data. This field may not exist for simple options.

• Note: If the header length is greater than 5 (i.e., it is from 6 to 15) it means that the options field is present and must be considered.
• Note: Copied, Option Class, and Option Number are sometimes referred to as a single eight-bit field, the Option Type.
Packets containing some options may be considered as dangerous by some routers and
be blocked.

Subnetting
Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or
C network. If you do not subnet, you are only able to use one network from your Class A, B, or C
network, which is unrealistic.
Each data link on a network must have a unique network ID, with every node on that link being a
member of the same network. If you break a major network (Class A, B, or C) into smaller
subnetworks, it allows you to create a network of interconnecting subnetworks. Each data link on
this network would then have a unique network/subnetwork ID. Any device, or gateway, that
connects n networks/subnetworks has n distinct IP addresses, one for each network / subnetwork
that it interconnects.
In order to subnet a network, extend the natural mask with some of the bits from the host ID
portion of the address in order to create a subnetwork ID. For example, given a Class C network
of 204.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:
204.17.5.0 - 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
--------------------------|sub|----

By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub")
from the original host portion of the address and used them to make subnets. With these three
bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can
have up to 32 host addresses, 30 of which can actually be assigned to a device since host ids of
all zeros or all ones are not allowed (it is very important to remember this). So, with this in mind,
these subnets have been created.
204.17.5.0 255.255.255.224 host address range 1 to 30
204.17.5.32 255.255.255.224 host address range 33 to 62
204.17.5.64 255.255.255.224 host address range 65 to 94
204.17.5.96 255.255.255.224 host address range 97 to 126
204.17.5.128 255.255.255.224 host address range 129 to 158
204.17.5.160 255.255.255.224 host address range 161 to 190
204.17.5.192 255.255.255.224 host address range 193 to 222
204.17.5.224 255.255.255.224 host address range 225 to 254

Note: There are two ways to denote these masks. First, since you use three bits more than the "natural"
Class C mask, you can denote these addresses as having a 3-bit subnet mask. Or, secondly, the mask of
255.255.255.224 can also be denoted as /27 as there are 27 bits that are set in the mask. This second
method is used with CIDR. With this method, one of these networks can be described with the notation
prefix/length. For example, 204.17.5.32/27 denotes the network 204.17.5.32 255.255.255.224. When
appropriate, the prefix/length notation is used to denote the mask throughout the rest of this document.

The network subnetting scheme in this section allows for eight subnets, and the network might
appear as:

Figure 2

Notice that each of the routers in Figure 2 is attached to four subnetworks, one subnetwork is
common to both routers. Also, each router has an IP address for each subnetwork to which it is
attached. Each subnetwork could potentially support up to 30 host addresses.
This brings up an interesting point. The more host bits you use for a subnet mask, the more
subnets you have available. However, the more subnets available, the fewer host addresses
available per subnet. For example, a Class C network of 204.17.5.0 and a mask of
255.255.255.224 (/27) allows you to have eight subnets, each with 32 host addresses (30 of
which could be assigned to devices). If you use a mask of 255.255.255.240 (/28), the breakdown
is:
204.17.5.0 - 11001100.00010001.00000101.00000000
255.255.255.240 - 11111111.11111111.11111111.11110000
--------------------------|sub |---

Since you now have four bits to make subnets with, you only have four bits left for host
addresses. So in this case you can have up to 16 subnets, each of which can have up to 16 host
addresses (14 of which can be assigned to devices).
Take a look at how a Class B network might be subnetted. If you have network 172.16.0.0, then
you know that its natural mask is 255.255.0.0 or 172.16.0.0/16. Extending the mask to anything
beyond 255.255.0.0 means you are subnetting. You can quickly see that you have the ability to
create a lot more subnets than with the Class C network. If you use a mask of 255.255.248.0
(/21), how many subnets and hosts per subnet does this allow for?
172.16.0.0 - 10101100.00010000.00000000.00000000
255.255.248.0 - 11111111.11111111.11111000.00000000
-----------------| sub |-----------

You use five bits from the original host bits for subnets. This allows you to have 32 subnets (2^5).
After using the five bits for subnetting, you are left with 11 bits for host addresses. This allows
each subnet to have 2048 host addresses (2^11), 2046 of which could be assigned to devices.
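Added example, not part of the original text: the subnet planning worked by hand above, done in code with Python's ipaddress module for the /27 and /28 Class C cases and the /21 Class B case, together with the broadcast rule from the earlier section (network identifier OR bit-complement of the mask). The function names are my own, and the 30-bit cap follows this text's rule that all-zeros and all-ones host ids are never assigned.

```python
import ipaddress


def prefix_from_mask(mask: str) -> int:
    """Number of set bits in a dotted mask, e.g. 255.255.255.224 -> 27.
    Rejects masks that are not a run of ones followed by zeros."""
    mask_int = int(ipaddress.IPv4Address(mask))
    prefix = bin(mask_int).count("1")
    if mask_int != ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix


def broadcast_address(cidr: str) -> str:
    """Broadcast = network identifier OR bit-complement of the mask."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    mask_int = int(net.netmask)
    return str(ipaddress.IPv4Address(int(net.network_address) | (~mask_int & 0xFFFFFFFF)))


def usable_hosts(host_bits: int) -> int:
    """2^host_bits addresses minus the all-zeros (network) and all-ones (broadcast) ids."""
    return (1 << host_bits) - 2


def subnet_plan(network: str, natural_prefix: int, new_mask: str):
    """Subnet a classful network by extending its natural mask to new_mask.

    Returns (subnet_bits, host_bits, rows); each row is
    (subnet id, first host, last host, broadcast) as dotted strings.
    """
    new_prefix = prefix_from_mask(new_mask)
    if new_prefix <= natural_prefix:
        raise ValueError("new mask must borrow at least one host bit")
    if new_prefix > 30:
        raise ValueError("fewer than two host bits leaves no assignable host address")
    base = ipaddress.IPv4Network(f"{network}/{natural_prefix}")
    subnet_bits = new_prefix - natural_prefix
    host_bits = 32 - new_prefix
    rows = []
    for sub in base.subnets(new_prefix=new_prefix):
        net_id = int(sub.network_address)
        bcast = int(ipaddress.IPv4Address(broadcast_address(str(sub))))
        rows.append(tuple(str(ipaddress.IPv4Address(x))
                          for x in (net_id, net_id + 1, bcast - 1, bcast)))
    return subnet_bits, host_bits, rows


if __name__ == "__main__":
    bits, hbits, rows = subnet_plan("204.17.5.0", 24, "255.255.255.224")
    print(f"{2 ** bits} subnets, {usable_hosts(hbits)} usable hosts each")
    for net_id, first, last, bcast in rows:
        print(f"{net_id}/27  hosts {first} - {last}  broadcast {bcast}")
```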
