Mastering Network Layer: IP Addressing, Routing, and Core Protocols Explained

Network Layer Overview

The network layer sits between the transport and data‑link layers, providing transparent data transmission across different networks through routing, congestion control, and inter‑network connectivity.

1. IP Addressing

1.1 Classful Addressing

A Class: 1[7‑bit network][24‑bit host] – range 1.0.0.0 ~ 126.255.255.255.

B Class: 10[14‑bit network][16‑bit host] – range 128.0.0.0 ~ 191.255.255.255.

C Class: 110[21‑bit network][8‑bit host] – range 192.0.0.0 ~ 223.255.255.255.

D Class (Multicast): 1110[28‑bit multicast] – range 224.0.0.0 ~ 239.255.255.255.

E Class (Experimental): 11110[reserved] – range 240.0.0.0 ~ 255.255.255.255.

1.1.1 Additional Notes

Network‑zero with non‑zero host identifies a host on the local network.

All‑ones host indicates a broadcast address.

127.0.0.1 is the loopback address.

Private address ranges: A 10.0.0.0/8, B 172.16.0.0/12, C 192.168.0.0/16.

1.2 Classless Inter‑Domain Routing (CIDR)

CIDR aggregates routes, reducing Internet router load, and is used for subnetting. An IP address consists of {network, subnet, host}. Common CIDR notations include:

128.14.35.7/20 – full IP with prefix length.

10.0.0.0/10 → 10/10 – trailing zeros can be omitted.

00010100* – asterisk replaces host bits.

In CIDR, subnet IDs of all‑zero or all‑one have no special meaning, but they must not be assigned as such. Host‑zero denotes the local network; host‑all‑ones denotes the broadcast address.

2. IP Packet Format

The IP header is at least 20 bytes (160 bits). Key fields include version, header length, total length, identification, flags, fragment offset, TTL, protocol, header checksum, source and destination addresses, and optional fields.

Constraints:

Header length field allows up to 60 bytes; optional fields can occupy up to 40 bytes.

Total packet length maxes at 65 535 bytes, but MTU limits often require fragmentation.

3. Routing Concepts

Routers separate broadcast domains and forward packets based on routing tables. IP packets retain their addresses end‑to‑end, while MAC addresses change at each link layer hop.

3.1 Routing Table Example

Specific IPs often use a /32 mask.

DNS servers are listed as specific entries.

Unknown networks appear as 0.0.0.0 (default route).

Routers do not forward private address ranges.

Distance refers to hop count, not physical distance.

3.2 Longest Prefix Match

Routers select the route with the most specific (longest) matching prefix, often implemented with binary trie structures.

3.3 ARP (Address Resolution Protocol)

ARP resolves IP‑to‑MAC mappings by broadcasting a request; the host owning the IP replies with its MAC address. Commands such as arp -a display the ARP cache, which expires after a timeout.

3.4 RARP (Reverse ARP)

RARP allows a device to discover its IP address from a known MAC address via a broadcast request to a RARP server.

4. ICMP Protocol

ICMP (Internet Control Message Protocol) is encapsulated within IP and uses an 8‑byte header (type, code, checksum) followed by data. Common uses:

Error reporting (e.g., destination unreachable, time exceeded, parameter problem).

Diagnostic queries (e.g., echo request/reply for ping, traceroute using TTL‑exceeded messages, timestamp requests).

ICMP does not generate error messages for its own errors, and it avoids sending errors for multicast, loopback, or zero addresses.

5. DHCP Protocol

DHCP (Dynamic Host Configuration Protocol) automates IP address allocation:

New host broadcasts a DHCPDISCOVER.

DHCP server replies with DHCPOFFER.

Host sends DHCPREQUEST to accept the offer.

Server acknowledges with DHCPACK and records the lease.

Multiple simultaneous replies are resolved by the first response; leases are temporary.

6. Routing Protocols

6.1 RIP (Routing Information Protocol)

RIP is a distance‑vector protocol that exchanges entire routing tables with directly connected neighbors via UDP broadcasts. Metrics are hop counts (max 15; 16 indicates unreachable). Updates occur every 30 seconds or immediately on topology change.

6.2 OSPF (Open Shortest Path First)

OSPF is a link‑state protocol that builds a complete network topology map and computes shortest‑path routes using Dijkstra’s algorithm. It operates directly over IP (no UDP).

6.3 BGP (Border Gateway Protocol)

BGP is the exterior gateway protocol used between autonomous systems (AS). It exchanges AS‑level reachability information over TCP port 179.

6.4 Route Poisoning and Poison Reverse

When a route becomes invalid, its metric is set to an infinite value (16 for RIP) and advertised as poisoned. Neighboring routers respond with poison‑reverse messages to stop further propagation.

7. Multicast

7.1 IGMP (Internet Group Management Protocol)

IGMP manages host membership in multicast groups, allowing hosts to join or leave groups and enabling routers to track group membership.

7.2 MOSPF (Multicast OSPF)

MOSPF extends OSPF with multicast‑specific link‑state advertisements to build source‑based multicast trees.

8. Other Network‑Layer Concepts

8.1 VPN

Virtual Private Networks create encrypted tunnels between sites, allowing private traffic to traverse public networks securely.

8.2 NAT

Network Address Translation maps private internal IP addresses to public IP addresses for Internet communication.

8.3 Mobile IP

Mobile IP enables a host to maintain connectivity while moving between subnets by using a home agent and a care‑of address.

9. Common Network‑Layer Commands

ifconfig

– display local IP configuration. netstat -r – show routing table. tcpdump – capture packets, including hardware (MAC) addresses. ping – test host reachability. traceroute – trace the path using ICMP TTL‑exceeded messages. route – view or modify routing tables. gated – display IGP/EGP information.