Understanding IPv4: Header Structure, Fragmentation, and CIDR Explained

IPv4 Header Format

IPv4 Header

Version (4 bits) : value 4 indicates IPv4.

Header Length (4 bits) : length of the IPv4 header; minimum 5 (20 Bytes), maximum 15 (60 Bytes).

TOS (Type of Service, 8 bits) : used for QoS; includes TOC and DSCP modes.

Total Length (16 bits) : total size of the IP packet, up to 65535 Bytes.

Identification (16 bits) : used to identify fragments belonging to the same original packet.

IP Flags (3 bits) : indicate fragmentation status (MF, DF, Reserved).

Fragment Offset (13 bits) : position of a fragment within the original packet (unit = 8 Bytes).

TTL (Time to Live, 8 bits) : number of routers a packet may traverse before being discarded.

Protocol (8 bits) : indicates the encapsulated upper‑layer protocol (e.g., ICMP, TCP, UDP).

Header Checksum (16 bits) : checksum for header integrity verification.

Source Address (32 bits) : sender's IP address.

Destination Address (32 bits) : receiver's IP address.

Option (variable) : optional fields for advanced features.

Padding (variable) : ensures header length is a multiple of 4 Bytes.

IP Packet Fragmentation and Reassembly

IP MTU

IP MTU (Maximum Transmission Unit) specifies the largest packet size that a network interface can transmit in a single frame. When a packet’s total length exceeds the MTU, it must be fragmented before transmission.

A larger MTU (e.g., 9000 Bytes) reduces overhead, while a smaller MTU (e.g., 1500 Bytes) can lower latency; the optimal value depends on the application scenario.

IP Fragment and Reassembly

Fragmentation splits an oversized IP datagram into smaller fragments; reassembly restores the original packet at the receiver.

IP Datagram : original packet larger than the MTU.

IP Fragments : pieces whose size does not exceed the MTU. All fragments share the same Identification, have MF flag set to 1 except the last fragment, and have sequential Fragment Offsets.

Example: an IP datagram of 5140 Bytes (20 Bytes header + 5120 Bytes payload) with DF=0 can be fragmented into four fragments of 1500 Bytes each and a final fragment of 700 Bytes, each with appropriate offsets.

Path MTU Discovery (PMTUD)

Fragmentation introduces extra router load and packet loss risk; PMTUD avoids fragmentation by discovering the smallest MTU along the path.

Sender transmits a packet with the DF (Don’t Fragment) flag set.

If a router encounters a packet larger than its MTU, it discards the packet and returns an ICMP message containing its MTU.

The sender reduces the packet size according to the received MTU and retransmits, repeating until the packet fits.

The discovered Path MTU is cached for about 10 minutes before a new discovery is performed.

IP Address Format

IPv4 addresses consist of four octets (32 bits) usually written in dotted‑decimal notation, e.g., 192.168.1.1.

Classful Addressing

To manage the limited public IPv4 space, ISPs historically used classful addressing ({network number + host number}) divided into three classes:

Class A : 1‑byte network prefix, 126 networks, each with 16,777,214 hosts.

Class B : 2‑byte network prefix, 16,383 networks, each with 65,534 hosts.

Class C : 3‑byte network prefix, 2,097,151 networks, each with 254 hosts.

In theory, there are about 4.294 billion public IPv4 addresses.

CIDR (Classless Inter‑Domain Routing)

In the early 1990s, the IETF recognized that 32‑bit addresses were insufficient and that classful allocation caused routing table explosion. CIDR was introduced to replace classful networks with prefix notation {IP/NETMASK}.

Advantages of CIDR:

Concise representation {IP/NETMASK} with full information.

Flexible subnet size by adjusting the netmask.

Route aggregation reduces the number of entries in routers.

CIDR:    128.14.35.7/20
IP address: 128.14.35.7 = 10000000 00001110 00100011 00000111
Subnet mask: 255.255.240.0 = 11111111 11111111 11110000 00000000
Network address (min): 128.14.32.0 = 10000000 00001110 00100000 00000000
Broadcast address (max): 128.14.47.255 = 10000000 00001110 00101111 11111111

Identifying the netmask is crucial; two identical IP addresses with different netmasks belong to different subnets.

Subnetting

After adopting CIDR, subnetting becomes straightforward: change the netmask to create smaller networks, improving performance, security, and address utilization.

Improved performance and security : limiting broadcast/multicast traffic to smaller domains.

Efficient IP address usage : fine‑grained allocation prevents waste.

Simplified management : each subnet can have dedicated administrators and policies.

Example: a public block 203.0.113.0/24 is divided into three subnets:

SubnetA : 203.0.113.0/26 – 62 usable hosts.

SubnetB : 203.0.113.64/27 – 30 usable hosts.

SubnetC : 203.0.113.96/28 – 14 usable hosts.

Network Aggregation

Network aggregation combines multiple small networks with the same netmask into a larger network to reduce router table entries, improving lookup speed and CPU/memory usage. Networks with different netmasks cannot be aggregated.