Mastering Network Layer: IP Addressing, Routing, and Core Protocols

Abstract

The network layer sits between the transport and data link layers, providing transparent data transmission between network systems, including routing, congestion control, and inter‑network connectivity.

IP Addressing

Classful notation

Class A: Format 1[7‑bit network][24‑bit host]; range 1.x.x.x ~ 126.x.x.x; network 0 = local network, network 1 = loopback (127.0.0.1); all‑0 host = local host, all‑1 host = broadcast.

Class B: Format 10[14‑bit network][16‑bit host]; range 128.x.x.x ~ 191.x.x.x; network cannot be all‑0 but may be all‑1.

Class C: Format 110[21‑bit network][8‑bit host]; range 192.x.x.x ~ 223.x.x.x; network cannot be all‑0.

Class D (Multicast): Format 1110[28‑bit multicast]; range 224.x.x.x ~ 239.x.x.x.

Class E (Experimental): Format 11110[reserved]; used for experiments, not normal host addresses.

Additional notes on classful addresses

Network 0 with non‑zero host identifies a host within the local network.

Network not all‑1 with host all‑1 denotes the broadcast address of that network.

All‑0 indicates the local host; all‑1 indicates the network broadcast.

127.0.0.1 is the loopback address.

Private addresses (not routed on the Internet):

Class A: 10.0.0.0 ~ 10.255.255.255

Class B: 172.16.0.0 ~ 172.31.255.255

Class C: 192.168.0.0 ~ 192.168.255.255

Classless Inter‑Domain Routing (CIDR)

CIDR aggregates routes so a single IP prefix can represent thousands of addresses, reducing router table size. It is used for subnetting, separating the subnet number from the network number.

IP address structure: {network, subnet, host}.

Three CIDR notation examples:

128.14.35.7/20 – full IP with subnet length.

10.0.0.0/10 → 10/10 – trailing zeros may be omitted.

00010100* – asterisk replaces host bits after the subnet.

In CIDR, a subnet of all‑0 or all‑1 has no special meaning, but such subnets must not be assigned.

Subnet mask: bits set to 1 indicate network+subnet portion; bits set to 0 indicate host portion.

Routing compares network, then subnet, then host; the mask simplifies this process.

IP Packet Format

The IP header is at least 20 bytes (160 bits). The following image shows the header fields and limits.

Key constraints:

Header length field allows a maximum header size of 60 bytes, leaving up to 40 bytes for optional fields.

Total packet length is limited to 65 535 bytes; MTU limits often require fragmentation, which introduces fragment ID and offset fields.

IP Packet Contents (unordered overview)

Total length = header length + payload.

Header checksum for validation.

Source and destination IP addresses; IP version indicates IPv4 or IPv6.

Fragmentation fields: ID, MF flag, fragment offset.

Protocol field (e.g., ICMP, IGMP).

TTL (time‑to‑live).

Optional fields (up to 40 bytes).

Routing Concepts

Routers separate broadcast domains; they do not forward broadcast frames. Hubs share a collision domain, switches share a broadcast domain but separate collision domains, and routers connect different broadcast domains.

IP packets keep their addresses unchanged across hops, while MAC addresses change at each link layer.

Routing Table Example

Example routing table for a router in network N1:

Specific host routes use a /32 mask.

DNS servers are typically listed as specific host entries.

Unknown networks are represented as 0.0.0.0 (default route).

Routers do not forward private‑address traffic.

Distance refers to hop count, not physical distance.

Longest Prefix Match

When multiple routes match, the route with the longest matching prefix is selected. Binary trie structures can accelerate this lookup.

ARP (Address Resolution Protocol)

ARP maps IP addresses to MAC addresses. When a host or router lacks a MAC entry, it broadcasts an ARP request; the owning host replies, populating the ARP cache, which expires after a timeout.

Command arp -a displays the ARP cache.

Cache entries have a timeout; missing hosts cause repeated ARP requests.

“Free ARP” refers to a host querying its own MAC address.

“ARP proxy” occurs when an intermediate router answers on behalf of the destination.

RARP (Reverse ARP)

RARP obtains an IP address from a known MAC address. A host broadcasts a RARP request; a RARP server replies with the corresponding IP if it exists; otherwise, the request fails.

ICMP Protocol

Internet Control Message Protocol (ICMP) is encapsulated within IP packets. Its header is 8 bytes: 2‑byte type, 2‑byte code, and 4‑byte checksum, followed by data.

Common uses:

Error reporting (e.g., destination unreachable, time exceeded, parameter problem, source quench, redirect).

Diagnostic queries (e.g., echo request/reply used by ping, time‑exceeded messages used by traceroute, timestamp requests).

ICMP does not generate error messages for its own errors, and it avoids sending errors for multicast, loopback, or zero addresses.

DHCP Protocol

Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts on a LAN.

New host broadcasts a DHCPDISCOVER.

DHCP server replies with DHCPOFFER (broadcast).

Host sends DHCPREQUEST to accept the offer.

Server acknowledges with DHCPACK and records the lease.

Notes:

If multiple offers arrive, the first one is used.

Leases are temporary and must be renewed.

DHCP operates over UDP but serves the application‑layer purpose of dynamic IP allocation.

Optimal Next‑Hop Calculation

RIP (Routing Information Protocol)

RIP is a distance‑vector IGP that exchanges entire routing tables with directly‑connected neighbors via UDP broadcasts. The metric is hop count (max 15; 16 = unreachable). Updates are sent every 30 seconds or triggered by topology changes.

OSPF (Open Shortest Path First)

OSPF is a link‑state IGP. Each router floods its link‑state advertisements, building a complete network topology and computing shortest‑path routes using Dijkstra’s algorithm. OSPF operates directly over IP (no UDP).

BGP (Border Gateway Protocol)

BGP is the external gateway protocol (EGP) used between autonomous systems. Each AS advertises reachable prefixes to peers over TCP port 179, constructing a global connectivity graph.

RIP Update Triggers

Periodic updates every 30 seconds.

Triggered updates are sent immediately when a topology change is detected.

Route Poisoning

When a route becomes invalid, its metric is set to 16 (infinite) before removal, and this poisoned route is advertised to neighbors to prevent loops.

Multicast

IGMP (Internet Group Management Protocol)

IGMP manages group membership on a local network. Hosts join/leave multicast groups by sending IGMP reports; routers query hosts periodically to confirm membership.

MOSPF (Multicast OSPF)

MOSPF extends OSPF for multicast routing, using link‑state updates that include group membership LSAs to build source‑based trees.

Other Network‑Layer Concepts

VPN

Virtual Private Networks create encrypted tunnels between sites, encapsulating traffic so that internal packets never traverse the public Internet in clear text.

NAT

Network Address Translation maps private internal IP addresses to public IP addresses for outbound traffic and vice‑versa for inbound traffic.

Mobile IP

Mobile IP allows a host to retain its IP address while moving between subnets by registering a care‑of address and using tunneling to forward packets.

Common Network‑Layer Commands

ifconfig

– display local IP configuration. netstat -r – show the routing table. tcpdump – capture packets, including MAC addresses. ping – test reachability of another host. traceroute – trace the path using ICMP time‑exceeded messages. route – view or modify the routing table. gated – display IGP/EGP protocol status.