Networklayer PDF

Uploaded by

chviswa31

Routing and Forwarding

The network layer is the third layer in the OSI model of computer networks. Its
main function is to transfer network packets from the source to the destination.
It involves both the source host and the destination host. At the source, it
accepts a packet from the transport layer, encapsulates it in a datagram, and then
delivers the packet to the data link layer so that it can be sent on to the
receiver. At the destination, the datagram is decapsulated, and the packet is
extracted and delivered to the corresponding transport layer.
Features of Network Layer
1. The main responsibility of the Network layer is to carry the data
packets from the source to the destination without changing or using
them.
2. If the packets are too large for delivery, they are fragmented i.e.,
broken down into smaller packets.
3. It decides the route to be taken by the packets to travel from the source
to the destination among the multiple routes available in a network
(also called routing).
4. The source and destination addresses are added to the data packets
inside the network layer.
Services Offered by Network Layer
The services which are offered by the network layer protocol are as follows:
1. Packetizing
2. Routing
3. Forwarding
1. Packetizing
The process of encapsulating the data received from the upper layers of the
network (also called payload) in a network layer packet at the source and
decapsulating the payload from the network layer packet at the destination is
known as packetizing.

The source host adds a header that contains the source and destination address
and some other relevant information required by the network layer protocol to
the payload received from the upper layer protocol and delivers the packet to
the data link layer.

The destination host receives the network layer packet from its data link layer,
decapsulates the packet, and delivers the payload to the corresponding upper
layer protocol. The routers in the path are not allowed to change either the source
or the destination address. The routers in the path are not allowed to decapsulate
the packets they receive unless they need to be fragmented.
Packetizing

2. Routing
Routing is the process of moving data from one device to another device. Routing
and forwarding are two other services offered by the network layer. In a network,
there are a number of routes available from the source to the destination. The
network layer specifies some strategies which find out the best possible route.
This process is referred to as routing. There are a number of routing protocols
that are used in this process, and they should be run to help the routers
coordinate with each other and help in establishing communication throughout the
network.
Routing

3. Forwarding

Forwarding is simply defined as the action applied by each router when a packet
arrives at one of its interfaces. When a router receives a packet from one of its
attached networks, it needs to forward the packet to another attached network
(unicast routing) or to some attached networks (in the case of multicast routing).
Routers are used on the network for forwarding a packet from the local network
to the remote network. So, the process of routing involves packet forwarding
from an entry interface out to an exit interface.
Forwarding

Difference between Routing and Forwarding

Routing | Forwarding
Routing is the process of moving data from one device to another device. | Forwarding is simply defined as the action applied by each router when a packet arrives at one of its interfaces.
Operates on the Network Layer. | Operates on the Network Layer.
Work is based on Forwarding Table. | Checks the forwarding table and works according to that.
Works on protocols like Routing Information Protocol (RIP) for Routing. | Works on protocols like UDP Encapsulating Security Payloads.

Network Services Models

1. Error Control
2. Flow Control
3. Congestion Control
1. Error Control
Although it can be implemented in the network layer, it is usually not preferred
because the data packet in a network layer may be fragmented at each router,
which makes error-checking inefficient in the network layer.
2. Flow Control
It regulates the amount of data a source can send without overloading the
receiver. If the source produces data at a much faster rate than the receiver can
consume it, the receiver will be overloaded with data. To control the flow of
data, the receiver should send feedback to the sender to inform the latter that it
is overloaded with data.
There is a lack of flow control in the design of the network layer. It does not
directly provide any flow control. The datagrams are sent by the sender when
they are ready, without any attention to the readiness of the receiver.
3. Congestion Control
Congestion occurs when the number of datagrams sent by the source is beyond
the capacity of the network or routers. This is another issue in the network layer
protocol. If congestion continues, sometimes a situation may arise where the
system collapses and no datagrams are delivered. Although congestion
control is indirectly implemented in the network layer, still there is a lack of
congestion control in the network layer.
Advantages of Network Layer Services
• Packetization service in the network layer provides ease of
transportation of the data packets.
• Packetization also eliminates single points of failure in data
communication systems.
• Routers present in the network layer reduce network traffic by creating
collision and broadcast domains.
• With the help of Forwarding, data packets are transferred from one
place to another in the network.
Disadvantages of Network Layer Services
• There is a lack of flow control in the design of the network layer.
• Congestion occurs sometimes due to the presence of too many
datagrams in a network that is beyond the capacity of the network or
the routers. Due to this, some routers may drop some of the datagrams,
and some important pieces of information may be lost.
• Although indirect error control is present in the network layer, there is
a lack of proper error control mechanisms, because the presence of
fragmented data packets makes error control difficult to
implement.

Computer networks that provide connection-oriented services are called Virtual
Circuits while those providing connection-less services are called Datagram
networks. For prior knowledge, the Internet that we use is based on a Datagram
network (connection-less) at the network level as all packets from a source to a
destination do not follow the same path.
Virtual Circuits
• It is connection-oriented, meaning that there is a reservation of
resources like buffers, CPU, bandwidth, etc. for the time in which the
newly set VC is going to be used by a data transfer session.
• The first sent packet reserves resources at each server along the path.
Subsequent packets will follow the same path as the first sent packet
for the connection time.
• Since all the packets are going to follow the same path, a global
header is required. Only the first packet of the connection requires a
global header, the remaining packets generally don't require global
headers.
• Since all packets follow a specific path, packets are received in order
at the destination.
• Virtual Circuit Switching ensures that all packets successfully reach
the Destination. No packet will be discarded due to the unavailability
of resources.
• From the above points, it can be concluded that Virtual Circuits are a
highly reliable method of data transfer.
• The issue with virtual circuits is that each time a new connection is
set up, resources and extra information have to be reserved at every
router along the path, which becomes problematic if many clients are
trying to reserve a router's resources simultaneously.
• It is used by the ATM (Asynchronous Transfer Mode) Network,
specifically for Telephone calls.
Types of Virtual Circuit
1. Permanent Virtual Circuits (PVCs): The communication management
station, which is the telco's central office, manually configures the switches,
which offer performance comparable to dedicated lines. The main use for these
always-on circuits is high-speed communication. PVCs require telco resources
(switches) to be allocated to a single communication circuit whether or not that
circuit is in use, making them an expensive solution for wide-area networks
(WANs).
2. Switched Virtual Circuits (SVCs): As soon as a communication session is
established, the switches are set up. SVCs are released at the conclusion of the
session and can be used to create new channels of communication. This is the
process of normal phone communication. SVCs, which are billed on a per-minute
basis, are generally utilised in WANs when backups to dedicated leased
lines are required.
Benefits of Virtual Circuit
• The recipient receives the sender's packets in the same order as they
were sent.
• A secure network link is called a virtual circuit.
• Overhead is not required for any packet.
• A single global packet overhead is used in a virtual circuit.
Drawbacks of Virtual Circuits
• The cost of implementing a virtual circuit is high.
• It provides only services based on connections.
• In order to transmit, a new link needs to be created permanently.
Datagram Networks
• It is a connection-less service. There is no need for reservation of
resources as there is no dedicated path for a connection session.
• All packets are free to use any available path. As a result,
intermediate routers calculate routes on the go due to dynamically
changing routing tables on routers.
• Since every packet is free to choose any path, all packets must be
associated with a header with proper information about the source
and the upper layer data.
• The connection-less property makes data packets reach the
destination in any order, which means that they can potentially be
received out of order at the receiver's end.
• Datagram networks are not as reliable as Virtual Circuits.
• The major drawback of Datagram Packet switching is that a packet
can only be forwarded if resources such as the buffer, CPU, and
bandwidth are available. Otherwise, the packet will be discarded.
• But it is always easy and cost-efficient to implement datagram
networks as there is no extra headache of reserving resources and
making a dedicated path each time an application has to communicate.
• It is generally used by the IP network, which is used for Data
services like the Internet.
Benefits of Datagram Networks
• The flexibility of datagram networks is one of its main benefits.
• They are better at managing network congestion. Datagram networks
are able to adjust to variations in network traffic and identify several
paths for packets to take in order to reach their intended destination
because every packet is handled separately.
• In big and complicated networks in particular, this can lead to
decreased latency and increased network performance.
• In addition, datagram networks scale more easily than other kinds of
networks. Datagram networks are the ideal option for contemporary
communication systems, such as the Internet of Things (IoT) and
real-time data streaming applications, due to their scalability.
Drawbacks of Datagram Networks
• The lack of assured delivery in datagram networks is one of their
primary disadvantages. There is no assurance that all packets will
arrive at their destination or in the right order because they are sent
separately.
• Datagram networks also have the drawback of being vulnerable to
security breaches. Datagram networks are particularly susceptible to
network assaults including spoofing, eavesdropping, and denial of
service (DoS) attacks since they don't create a dedicated connection
between the sender and the recipient.
• Moreover, datagram networks may not always support guarantees of
quality of service (QoS). While certain applications may benefit from
QoS capabilities provided by some protocols, like the Real-time
Transport Protocol (RTP), datagram networks as a whole do not
provide a centralised method for allocating priorities and controlling
network traffic.
Difference Between Virtual Circuits and Datagram Networks

Criteria | Virtual Circuit Networks | Datagram Networks
Connection Establishment | Prior to data transmission, a connection is established between sender and receiver. | No connection setup is required.
Routing | Routing decisions are made once during connection setup and remain fixed throughout the duration of the connection. | Routing decisions are made independently for each packet and can vary based on network conditions.
Flow Control | Uses explicit flow control, where the sender adjusts its rate of transmission based on feedback from the receiver. | Uses implicit flow control, where the sender assumes a certain level of available bandwidth and sends packets accordingly.
Congestion Control | Uses end-to-end congestion control, where the sender adjusts its rate of transmission based on feedback from the network. | Uses network-assisted congestion control, where routers monitor network conditions and may drop packets or send congestion signals to the sender.
Error Control | Provides reliable delivery of packets by detecting and retransmitting lost or corrupted packets. | Provides unreliable delivery of packets and does not guarantee delivery or correctness.
Overhead | Requires less overhead per packet because connection setup and state maintenance are done only once. | Requires more overhead per packet because each packet contains information about its destination address and other routing information.
Example Protocol | ATM, Frame Relay | IP (Internet Protocol)


Conclusion
• Another term for virtual circuits is connection-oriented switching.
Virtual circuit switching establishes a predetermined path before a
message is sent.
• The path in virtual circuits is called a virtual circuit because it seems
to the user to be a dedicated physical circuit.
• In datagram networks, sometimes referred to as packet-switching
technology, each packet (also known as a datagram) is regarded as
an autonomous entity. The switch uses the destination information
included in each packet to guide the packet to its intended location.
• Reserving resources is not necessary in Datagram Networks since
there isn't a specific channel for connection sessions. Packets now
have a header containing all of the data intended for the destination.
• Datagram networks use first-come, first-serve (FCFS) scheduling to
manage resource distribution.
INSIDE A ROUTER -INPUT PROCESSING
========================================================
A router is a networking device that fulfills the need for devices to share files
and forward data packets between devices over computer networks. Routers
perform some directing functions on the Internet so the data sent over the
internet, such as a web page in the form of data packets
Example: Let us understand this with a very general example. Suppose we search
for www.google.com in a web browser. This is a request that is sent from our
system to Google's server to serve that webpage. The request is nothing but a
stream of packets, which do not go to Google's server straightaway; they go
through a series of devices known as routers, which accept these packets and
forward them along the correct path until they reach the destination server.

How does Router work?

A wireless router connects directly to a modem by a cable; the router can then
receive and transmit information or data to the internet. The router then starts to
communicate with the Wi-Fi network and provides internet access to all devices
within the network range of the router.
A generic router consists of the following components:
1. Input Port: This is the interface by which packets are admitted into
the router. It performs several key functions, such as terminating the physical
link at the router
2. Switching Fabric: This is the main component of the router. It
connects the input ports with the output ports. It is a kind of network
inside a networking device.
3. Output Ports: This is the segment from which packets are transmitted
out of the router. The output port looks at its queuing buffers (when
more than one packet has to be transmitted through the same output
port, queuing buffers are formed) and takes packets
4. Routing Processor: It executes the routing protocols, and works like
a traditional CPU. It uses various routing algorithms like the link-state
algorithm, distance-vector algorithm, etc.

The Internal Components of Router:

Below is the raw diagram showing the internal components of the router:

Internal Components of Router

The router is an intelligent device. Routers use routing algorithms such
as Dijkstra's Algorithm to map the destination or to find the best route to a
destination based on parameters like the number of hops.
1. CPU: The CPU in the router executes the commands and processes
the commands in the operating system. The flow of data on the
interface is controlled by the CPU.
2. ROM: Read Only Memory in the router mainly works when the router
boots up or is powered up. It stores the bootstrap program needed when
the router is turned on.
3. RAM: Random Access Memory in the router contains the executable
file and running file of the configuration file and the contents are lost
when the router’s power is turned off.
4. Flash Memory: It contains the operating system. The data of the flash
memory remain unchanged when the router is rebooted or powered
off. So, whenever the router is powered on the OS is loaded into RAM
from flash memory.
5. NVRAM: It stands for Nonvolatile RAM. It is a backup copy of the
running configuration file. Its functioning basically helps when the
router loses power and the router needs to establish the configuration
and load it again. The content of NVRAM is changeable. When the
router is powered on it searches the startup-config file in NVRAM
only.
6. Interfaces / Ports: If we want to connect the router with a wire, i.e. we
want a wired connection, there are multiple interfaces that are used to
connect the network, i.e. Fast Ethernet, Gigabit Ethernet, and Serial.

What is Switching?

In computer networking, switching is the process of transferring data packets
from one device to another in a network, or from one network to another, using
specific devices called switches. A computer user experiences switching all the
time. For example, when accessing the Internet from a computer, whenever
a user requests a webpage to open, the request is processed through switching
of data packets only.
Switching takes place at the Data Link layer of the OSI Model. This means that
after the generation of data packets in the Physical Layer, switching is the
immediate next process in data communication. In this article, we shall discuss
different processes involved in switching, what kind of hardware is used in
switching, etc.
What is a Network Switching?
A switch is a dedicated piece of computer hardware that facilitates the process
of switching, i.e., taking incoming data packets and transferring them to their
destination. A switch works at the Data Link layer of the OSI Model. A switch
primarily handles the incoming data packets from a source computer or network
and decides the appropriate port through which the data packets will reach their
target computer or network.
A switch decides the port through which a data packet shall pass with the help
of its destination MAC (Media Access Control) address. A switch does this
effectively by maintaining a switching table (also known as a forwarding table).
A network switch is more efficient than a network hub or repeater because it
maintains a switching table, which simplifies its task and reduces congestion
on a network, which effectively improves the performance of the network.

Process of Switching
The switching process involves the following steps:
• Frame Reception: The switch receives a data frame or packet from a
computer connected to its ports.
• MAC Address Extraction: The switch reads the header of the data
frame and collects the destination MAC Address from it.
• MAC Address Table Lookup: Once the switch has retrieved the
MAC Address, it performs a lookup in its Switching table to find a
port that leads to the MAC Address of the data frame.
• Forwarding Decision and Switching Table Update: If the switch
matches the destination MAC Address of the frame to the MAC
address in its switching table, it forwards the data frame to the
respective port. However, if the destination MAC Address does not
exist in its forwarding table, it follows the flooding process, in which
it sends the data frame to all its ports except the one it came from and
records all the MAC Addresses to which the frame was delivered.
This way, the switch finds the new MAC Address and updates
its forwarding table.
• Frame Transition: Once the destination port is found, the switch
sends the data frame to that port and forwards it to its target
computer/network.
Types of Switching
There are three types of switching methods:
• Message Switching
• Circuit Switching
• Packet Switching
  ▪ Datagram Packet Switching
  ▪ Virtual Circuit Packet Switching

Let us now discuss them individually:


Message Switching: This is an older switching technique that has become
obsolete. In message switching technique, the entire data block/message is
forwarded across the entire network thus, making it highly inefficient.
Circuit Switching: In this type of switching, a connection is established
between the source and destination beforehand. This connection receives the
complete bandwidth of the network until the data is transferred completely.
This approach is better than message switching as it does not involve sending
data to the entire network, but to its destination only.
Packet Switching: This technique requires the data to be broken down into
smaller components, data frames, or packets. These data frames are then
transferred to their destinations according to the available resources in the
network at a particular time.
This switching type is used in modern computers and even the Internet. Here,
each data frame contains additional information about the destination and
other information required for proper transfer through network components.
Datagram Packet Switching: In Datagram Packet switching, each data frame
is taken as an individual entity and thus, they are processed separately. Here,
no connection is established before data transmission occurs. Although this
approach provides flexibility in data transfer, it may cause a loss of data
frames or late delivery of the data frames.
Virtual-Circuit Packet Switching: In Virtual-Circuit Packet switching, a
logical connection between the source and destination is made before
transmitting any data. These logical connections are called virtual circuits.
Each data frame follows these logical paths and provides a reliable way of
transmitting data with less chance of data loss.
Conclusion
In this article, we discussed the process of switching in computer networking.
We explained the physical devices required for switching. We looked at the
steps involved in the process of switching and learned about different types of
switching methods.
Packet Queuing and Dropping in Routers

Routers are essential networking devices that direct the flow of data over a network.
Routers have one or more input and output interfaces which receive and transmit
packets respectively. Since the router’s memory is finite, a router can run out of
space to accommodate freshly arriving packets. This occurs if the rate of arrival of
the packets is greater than the rate at which packets exit from the router’s memory.
In such a situation, new packets are ignored or older packets are dropped. As part of
the resource allocation mechanisms, routers must implement some queuing
discipline that governs how packets are buffered or dropped when required.

Fig 1: Depiction of a router’s inbound and outbound traffic

Queue Congestion and Queuing Disciplines

Router queues are susceptible to congestion by virtue of the limited buffer memory
available to them. When the rate of ingress traffic becomes larger than the amounts
that can be forwarded on the output interface, congestion is observed. The potential
causes of such a situation mainly involve:

• Speed of incoming traffic surpasses the rate of outgoing traffic
• The combined traffic from all the input interfaces exceeds overall output
capacity
• The router processor is incapable of handling the size of the forwarding
table to determine routing paths

To manage the allocation of router memory to the packets in such situations of
congestion, different disciplines might be followed by the routers to determine
which packets to keep and which packets to drop. Accordingly, we have the
following important queuing disciplines in routers:

First-In, First-Out Queuing (FIFO)

The default queuing scheme followed by most routers is FIFO. This generally
requires little or no configuration to be done on the server. All packets in FIFO are
serviced in the same order as they arrive in the router. On reaching saturation within
the memory, new packets attempting to enter the router are dropped (tail drop). Such
a scheme, however, is not apt for real-time applications, especially during
congestion. A real-time application such as VoIP, which continually sends packets,
may be starved during times of congestion and have all its packets dropped.

Priority Queuing (PQ)

In Priority Queuing, instead of using a single queue, the router bifurcates the
memory into multiple queues, based on some measure of priority. After this, each
queue is handled in a FIFO manner while cycling through the queues one by one.
The queues are marked as High, Medium, or Low based on priority. Packets from
the High queue are always processed before packets from the Medium queue.
Likewise, packets from the Medium queue are always processed before packets in
the Normal queue, etc. As long as some packets exist in the High priority queue, no
other queue’s packets are processed. Thus, high priority packets cut to the front of
the line and get serviced first. Once a higher priority queue is emptied, only then is a
lower priority queue serviced.
Fig 2: Multiple sub-queues used in Priority Queuing Scheme

The obvious advantage of PQ is that higher-priority traffic is always processed first.
However, a significant disadvantage to the PQ scheme is that the lower-priority
queues can often receive no service at all as a result of starvation. A constant
stream of High priority traffic can starve out the lower-priority queues.
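An added example, not part of the original document: a small Python simulation of the FIFO tail-drop and strict Priority Queuing behaviour described above. The traffic is constructed (two bulk packets and one VoIP packet arrive per tick, one packet leaves per tick, each queue buffers four packets), and the function and flow names are assumptions made for illustration.

```python
from collections import Counter, deque

PRIORITIES = ("High", "Medium", "Low")   # strict service order used for PQ


def simulate(arrivals, capacity, discipline):
    """Simulate one router output port that transmits one packet per tick.

    arrivals   -- list indexed by tick; each entry is a list of
                  (flow, priority) tuples in arrival order
    capacity   -- maximum number of packets each queue can buffer
    discipline -- "fifo" (single shared queue) or "pq" (one queue per priority)
    Returns (sent, dropped): Counters keyed by flow name.
    """
    if discipline == "fifo":
        order = ("all",)
        queue_for = lambda prio: "all"      # priority is ignored
    elif discipline == "pq":
        order = PRIORITIES
        queue_for = lambda prio: prio
    else:
        raise ValueError("discipline must be 'fifo' or 'pq'")

    queues = {name: deque() for name in order}
    sent, dropped = Counter(), Counter()
    for batch in arrivals:
        for flow, prio in batch:
            q = queues[queue_for(prio)]
            if len(q) >= capacity:
                dropped[flow] += 1          # tail drop: buffer full, newcomer discarded
            else:
                q.append(flow)
        for name in order:                  # serve only the first non-empty queue
            if queues[name]:
                sent[queues[name].popleft()] += 1
                break
    return sent, dropped


def congested_traffic(ticks):
    """Constructed load: three packets arrive per tick, only one can leave."""
    return [[("bulk", "Low"), ("bulk", "Low"), ("voip", "High")]
            for _ in range(ticks)]


if __name__ == "__main__":
    load = congested_traffic(20)
    for discipline in ("fifo", "pq"):
        sent, dropped = simulate(load, capacity=4, discipline=discipline)
        print(discipline, "sent:", dict(sent), "dropped:", dict(dropped))
    # Low-priority packets are served only once the High queue is empty.
    sent, _ = simulate(load + [[] for _ in range(4)], 4, "pq")
    print("pq after 4 idle ticks, bulk sent:", sent["bulk"])
```

Under FIFO the VoIP flow loses almost every packet to tail drop; under PQ it loses none, while the Low queue is served only after the High traffic stops.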

THE ROUTING CONTROL PLANE:


1. Control Plane: In routing, the control plane refers to all the functions and
processes that determine which path to use to send the packet or frame.
The control plane is responsible for populating the routing table, drawing
the network topology and the forwarding table, and hence enabling the data plane
functions. This is where the router makes its decisions. In a single line, it
can be said that it is responsible for how packets should be forwarded.
2. Data Plane: In routing, the data plane refers to all the functions and
processes that forward packets/frames from one interface to another
based on control plane logic. The routing table, forwarding table and the
routing logic constitute the data plane function. Data plane packets go
through the router, and incoming and outgoing frames are handled
based on control plane logic. In a single line, it can be said that it
is responsible for moving packets from source to destination. It is also
called the forwarding plane.
Difference between Control Plane and Data Plane:

S.No. | CONTROL PLANE | DATA PLANE
01. | Control plane refers to all the functions and processes that determine which path to use to send the packet or frame. | Data plane refers to all the functions and processes that forward packets/frames from one interface to another based on control plane logic.
02. | It is responsible for building and maintaining the IP routing table. | It is responsible for forwarding the actual IP packet.
03. | Control plane is responsible for how packets should be forwarded. | Data plane is responsible for moving packets from source to destination.
04. | Control plane performs its task independently. | Data plane performs its task depending on the control plane.
05. | In general, we can say that in the control plane it is learned what can be done and how. | In general, we can say that in the data plane the actual task is performed based on what is learned.
06. | Control plane packets are processed by the router to update the routing table. | The forwarding plane/data plane forwards the packets based on the built logic of the control plane.
07. | It includes Spanning Tree Protocol (STP), Address Resolution Protocol (ARP), Routing Information Protocol (RIP), Dynamic Host Configuration Protocol (DHCP) etc. | It includes decrementing Time To Live (TTL), recomputing IP header checksum etc.
08. | Control plane packets are locally originated by the router itself. | Data plane packets go through the router.
09. | Control plane acts as a decision maker in data forwarding. | Data plane acts as a decision implementer in data forwarding.
10. | Routing is performed in the control plane. | Switching is performed in the data plane.

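An added example, not part of the original document: the split in the table above, with the control plane installing forwarding-table entries and the data plane looking up the destination, decrementing TTL and recomputing the IP header checksum. It goes slightly beyond the table by using longest-prefix matching and by validating the header before forwarding; the Router class, interface names and documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement of the one's-complement sum of the header's 16-bit words.
    Returns 0 when run over a header whose checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int, payload_len: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (no options, protocol 17) for the demo."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


class Router:
    def __init__(self):
        self.fib = []            # forwarding table: (network, out_interface)

    # --- control plane: decides how packets should be forwarded ---
    def install_route(self, prefix: str, interface: str) -> None:
        self.fib.append((ipaddress.ip_network(prefix), interface))
        # Longest prefix first, so the first match in forward() is the best one.
        self.fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)

    # --- data plane: applies that decision to each packet ---
    def forward(self, packet: bytes):
        """Return (out_interface, rewritten_packet) or (None, drop_reason)."""
        if len(packet) < 20 or packet[0] >> 4 != 4:
            return None, "malformed"
        ihl = (packet[0] & 0x0F) * 4             # header length in bytes
        if ihl < 20 or len(packet) < ihl:
            return None, "malformed"
        if ipv4_checksum(packet[:ihl]) != 0:
            return None, "bad checksum"
        ttl = packet[8]
        if ttl <= 1:                             # would reach 0 at this hop
            return None, "ttl expired"
        dst = ipaddress.IPv4Address(packet[16:20])
        for network, interface in self.fib:
            if dst in network:
                hdr = bytearray(packet[:ihl])
                hdr[8] = ttl - 1                 # decrement TTL
                hdr[10:12] = b"\x00\x00"         # zero the field, then recompute
                hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
                return interface, bytes(hdr) + packet[ihl:]
        return None, "no route"


if __name__ == "__main__":
    r = Router()
    r.install_route("198.51.100.0/24", "eth1")
    r.install_route("198.51.100.128/25", "eth2")
    pkt = build_header("192.0.2.10", "198.51.100.200", ttl=64)
    iface, out = r.forward(pkt)
    print(iface, "ttl", out[8], "checksum ok:", ipv4_checksum(out[:20]) == 0)
    print(r.forward(build_header("192.0.2.10", "203.0.113.9", ttl=64)))
```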
Introduction and IPv4 Datagram Header
The network layer is the third layer (from bottom) in the OSI Model. The network
layer is concerned with the delivery of a packet across multiple networks. The
network layer is considered the backbone of the OSI Model. It selects and manages
the best logical path for data transfer between nodes. This layer contains hardware
devices such as routers, bridges, firewalls, and switches, but it actually creates a
logical image of the most efficient communication route and implements it with a
physical medium. Network layer protocols exist in every host or router. The router
examines the header fields of all the IP packets that pass through it. Internet Protocol
and Netware IPX/SPX are the most common protocols associated with the network
layer. In the OSI model, the network layer responds to requests from the layer above
it (transport layer) and issues requests to the layer below it (data link
layer).
Responsibilities of Network Layer:
• Packet forwarding/Routing of packets: Relaying of data packets from one network
segment to another by nodes in a computer network.
• Connectionless communication (IP): A data transmission method used in
packet-switched networks in which each data unit is separately addressed and
routed based on information carried by it.
• Fragmentation of data packets: Splitting of data packets that are too
large to be transmitted on the network.

There are two types of network transmission techniques: circuit-switched networks
and packet-switched networks.
Circuit Switch vs Packet Switch
In a circuit-switched network, a single path is designated for transmission of all
the data packets, whereas in a packet-switched network, each packet may be sent
through a different path to reach the destination. In a circuit-switched network,
the data packets are received in order, whereas in a packet-switched network, the
data packets may be received out of order. Packet switching is further subdivided
into Virtual Circuits and Datagram.

IPv4: IPv4 is a connectionless protocol used for packet-switched networks. It
operates on a best-effort delivery model, in which neither delivery is guaranteed, nor
proper sequencing or avoidance of duplicate delivery is assured. Internet Protocol
Version 4 (IPv4) is the fourth revision of the Internet Protocol and a widely used
protocol in data communication over different kinds of networks. IPv4 is a
connectionless protocol used in packet-switched layer networks, such as Ethernet. It
provides a logical connection between network devices by providing identification
for each device. There are many ways to configure IPv4 with all kinds of devices,
including manual and automatic configurations, depending on the network type.
IPv4 is defined and specified in IETF publication RFC 791. IPv4 uses 32-bit
addresses for Ethernet communication in five classes: A, B, C, D and E. Classes A,
B and C have a different bit length for addressing the network host. Class D
addresses are reserved for multicasting, while class E addresses are reserved for
military purposes. IPv4 uses 32-bit (4-byte) addressing, which gives 2^32 addresses.
IPv4 addresses are written in dot-decimal notation, which consists of the four
octets of the address expressed individually in decimal and separated by periods, for
instance, 192.168.1.5.

IPv4 Datagram Header
Size of the header is 20 to 60 bytes.

[Figure: IPv4 Datagram Header]

VERSION: Version of the IP protocol (4 bits), which is 4 for IPv4
HLEN: IP header length (4 bits), which is the number of 32-bit words in the header.
The minimum value for this field is 5 and the maximum is 15.
Type of service: Low Delay, High Throughput, Reliability (8 bits)
Total Length: Length of header + Data (16 bits), which has a minimum value 20
bytes and the maximum is 65,535 bytes.
Identification: Unique Packet Id for identifying the group of fragments of a single
IP datagram (16 bits)
Flags: 3 flags of 1 bit each : reserved bit (must be zero), do not fragment flag, more
fragments flag (same order)
Fragment Offset: Represents the number of Data Bytes ahead of the particular
fragment in the particular Datagram. Specified in terms of number of 8 bytes, which
has the maximum value of 65,528 bytes.
Time to live: Datagram’s lifetime (8 bits). It prevents the datagram from looping
through the network by restricting the number of hops taken by a packet before it is
delivered to the destination.
Protocol: Name of the protocol to which the data is to be passed (8 bits)
Header Checksum: 16 bits header checksum for checking errors in the datagram
header
Source IP address: 32 bits IP address of the sender
Destination IP address: 32 bits IP address of the receiver
Option: Optional information such as source route, record route. Used by the
Network administrator to check whether a path is working or not.
Due to the presence of options, the size of the datagram header can be of variable
length (20 bytes to 60 bytes).
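The field layout above can be checked in code. The following Python parser is an added example, not part of the original document: it decodes the fixed 20 bytes, enforces the HLEN and Total Length limits listed above, and verifies the header checksum. The function names and the sample packet are constructed for illustration.

```python
import struct

IPV4_FIXED = struct.Struct("!BBHHHBBH4s4s")  # the 20 mandatory header bytes


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode and sanity-check an IPv4 header; raise ValueError if malformed."""
    if len(packet) < IPV4_FIXED.size:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_hlen, tos, total_length, ident, flags_frag,
     ttl, protocol, _checksum, src, dst) = IPV4_FIXED.unpack_from(packet)
    version, hlen = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4:
        raise ValueError(f"VERSION is {version}, expected 4")
    if hlen < 5:
        raise ValueError(f"HLEN {hlen} is below the minimum of 5")
    header_len = hlen * 4  # HLEN counts 32-bit words
    if len(packet) < header_len or total_length < header_len:
        raise ValueError("header or Total Length is truncated")
    header = packet[:header_len]
    return {
        "header_bytes": header_len,
        "type_of_service": tos,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,  # 8-byte units
        "ttl": ttl,
        "protocol": protocol,
        # Summing a header that carries a correct checksum yields zero.
        "checksum_ok": internet_checksum(header) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": header[IPV4_FIXED.size:],
    }


def build_sample_packet() -> bytes:
    """Constructed sample: 20-byte header (DF set, TTL 64, protocol 1) + 64 data bytes."""
    fields = [0x45, 0, 84, 0x1C46, 0x4000, 64, 1, 0,
              bytes([192, 168, 1, 5]), bytes([192, 168, 1, 1])]
    fields[7] = internet_checksum(IPV4_FIXED.pack(*fields))
    return IPV4_FIXED.pack(*fields) + bytes(64)
```

A header whose `checksum_ok` is false is the case a router drops, and rejecting HLEN below 5 before slicing keeps a malformed length from being trusted.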

Internet Control Message Protocol (ICMP)


Internet Control Message Protocol (ICMP) is a network layer protocol used to
diagnose communication errors by performing an error control mechanism. Since IP
does not have an inbuilt mechanism for sending error and control messages, it depends
on Internet Control Message Protocol (ICMP) to provide error control.
ICMP is used for reporting errors and management queries. It is a supporting protocol
and is used by network devices like routers for sending error messages and operations
information. For example, the requested service is not available or a host or router
could not be reached.
Uses of ICMP
ICMP is used for error reporting: if two devices connect over the internet and some
error occurs, the router sends an ICMP error message to the source informing it
about the error. For example, whenever a device sends a message that is too large
for the receiver, the receiver will drop the message and reply to the source with an
ICMP message.
Another important use of the ICMP protocol is network diagnosis by means of the
traceroute and ping utilities. We will discuss them one by one.
Traceroute: The traceroute utility is used to know the route between two devices
connected over the internet. It traces the journey from one router to another, and a
traceroute is performed to check network issues before data transfer.
Ping: Ping is a simple kind of traceroute known as the echo-request message. It is
used to measure the time taken by data to reach the destination and return to the
source; these replies are known as echo-reply messages.
How Does ICMP Work?
ICMP is the primary and important protocol of the IP suite, but ICMP isn’t associated
with any transport layer protocol (TCP or UDP): being a connectionless protocol, it
doesn’t need to establish a connection with the destination device before sending any
message.
ICMP works in contrast to TCP, as TCP is a connection-oriented protocol whereas ICMP
is a connectionless protocol. Whenever a connection is established before a message is
sent, both devices must be made ready through a TCP handshake.
ICMP packets are transmitted in the form of datagrams that contain an IP header with
ICMP data. An ICMP datagram is similar to a packet, which is an independent data entity.
ICMP Packet Format
The ICMP header comes after the IPv4 or IPv6 packet header.

[Figure: ICMPv4 Packet Format]

In the ICMP packet format, the first 32 bits of the packet contain three fields:
Type (8-bit): The initial 8 bits of the packet are for the message type. It provides a
brief description of the message so that the receiving network knows what kind of
message it is receiving and how to respond to it. Some common message types are as
follows:
• Type 0 – Echo reply
• Type 3 – Destination unreachable
• Type 5 – Redirect Message
• Type 8 – Echo Request
• Type 11 – Time Exceeded
• Type 12 – Parameter problem
Code (8-bit): Code is the next 8 bits of the ICMP packet format. This field carries
some additional information about the error message and type.
Checksum (16-bit): The last 16 bits are for the checksum field in the ICMP packet
header. The checksum is used to check the number of bits of the complete message
and enables the ICMP tool to ensure that complete data is delivered.
The next 32 bits of the ICMP header are the Extended Header, which has the work of
pointing out the problem in the IP message. Byte locations are identified by the
pointer which causes the problem message, and the receiving device looks here for
pointing to the problem.
The last part of the ICMP packet is Data or Payload of variable length. The bytes
included in IPv4 are 576 bytes and in IPv6, 1280 bytes.
ICMP in DDoS Attacks
In Distributed DoS (DDoS) attacks, attackers send so much extra traffic to the
target that it cannot provide service to users. There are several ways in which an
attacker executes these attacks, which are described below.

Ping of Death Attack

Whenever an attacker sends a ping whose size is greater than the maximum allowable
size, the oversized packet is broken into smaller parts. When the sender re-assembles
it, the size exceeds the limit, which causes a buffer overflow and makes the machine
freeze. This is simply called a Ping of Death Attack. Newer devices have protection
from this attack, but older devices did not.

ICMP Flood Attack

When the sender sends so many pings that the targeted device is unable to handle the
echo requests, the attack is called an ICMP Flood Attack, also known as a ping flood
attack. It exhausts the target computer’s resources and causes a denial of service for
the target computer.

Smurf Attack

Smurf Attack is a type of attack in which the attacker sends an ICMP packet with a
spoofed source IP address. This type of attack generally works on older devices, like
the ping of death attack.
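Two of the conditions described above can be detected from header values alone. The Python sketch below is an added example, not from the original document: it flags fragments whose offset plus length would reassemble past the 65,535-byte maximum (Ping of Death) and destinations receiving echo requests above a rate limit (ICMP flood). The record layout, the threshold and window values, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_DATAGRAM = 65535  # largest value the 16-bit Total Length field can hold


def oversized_reassembly(fragments):
    """Return the (src, ident) pairs whose fragments would reassemble past 65,535 bytes.

    Each fragment is a dict of values read from its IPv4 header: src, ident,
    offset_units (Fragment Offset, in 8-byte units), total_length, header_bytes.
    """
    flagged = set()
    for frag in fragments:
        data_end = frag["offset_units"] * 8 + frag["total_length"] - frag["header_bytes"]
        if frag["header_bytes"] + data_end > MAX_DATAGRAM:
            flagged.add((frag["src"], frag["ident"]))
    return flagged


def echo_flood_targets(events, window=1.0, threshold=100):
    """Return destinations that received more than `threshold` echo requests
    (ICMP type 8) within any `window` seconds. Events must be time-ordered
    tuples of (timestamp, src, dst, icmp_type)."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, _src, dst, icmp_type in events:
        if icmp_type != 8:
            continue
        times = recent[dst]
        times.append(ts)
        while ts - times[0] > window:  # drop requests older than the window
            times.popleft()
        if len(times) > threshold:
            flagged.add(dst)
    return flagged


# Constructed sample data (documentation address ranges, not real captures).
SAMPLE_FRAGMENTS = [
    {"src": "198.51.100.7", "ident": 0x1234, "offset_units": 0,
     "total_length": 1500, "header_bytes": 20},
    # Offset 8189 * 8 = 65,512 bytes plus 1,480 data bytes ends past 65,535.
    {"src": "198.51.100.7", "ident": 0x1234, "offset_units": 8189,
     "total_length": 1500, "header_bytes": 20},
    {"src": "192.0.2.10", "ident": 0x0042, "offset_units": 185,
     "total_length": 1500, "header_bytes": 20},
]
SAMPLE_EVENTS = sorted(
    [(i * 0.005, "198.51.100.7", "203.0.113.5", 8) for i in range(150)]
    + [(float(i), "192.0.2.10", "203.0.113.9", 8) for i in range(3)]
    + [(0.2, "203.0.113.5", "198.51.100.7", 0)]  # an echo reply, ignored
)
```

The size check runs per fragment, so an oversized datagram can be rejected before any reassembly buffer is filled.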
Types of ICMP Messages
Type                          Code   Description
0 – Echo Reply                0      Echo reply
3 – Destination Unreachable   0      Destination network unreachable
                              1      Destination host unreachable
                              2      Destination protocol unreachable
                              3      Destination port unreachable
                              4      Fragmentation is needed and the DF flag set
                              5      Source route failed
5 – Redirect Message          0      Redirect the datagram for the network
                              1      Redirect datagram for the host
                              2      Redirect the datagram for the Type of Service and Network
                              3      Redirect datagram for the Service and Host
8 – Echo Request              0      Echo request
9 – Router Advertisement      0      Use to discover the addresses of operational routers
10 – Router Solicitation      0      Use to discover the addresses of operational routers
11 – Time Exceeded            0      Time to live exceeded in transit
                              1      Fragment reassembly time exceeded.
12 – Parameter Problem        0      The pointer indicates an error.
                              1      Missing required option
                              2      Bad length
13 – Timestamp                0      Used for time synchronization
14 – Timestamp Reply          0      Reply to Timestamp message

Source Quench Message


A source quench message is a request to decrease the traffic rate for messages sent to
the host (destination). In other words, when the receiving host detects that the rate
of sending packets (traffic rate) to it is too fast, it sends the source quench message
to the source to slow the pace down so that no packet is lost.

[Figure: Source Quench Message]

ICMP will take the source IP from the discarded packet and inform the source by
sending a source quench message. The source will reduce the speed of transmission
so that the router will be free from congestion.

[Figure: Source Quench Message with Reduced Speed]

When the congested router is far away from the source, ICMP will send a hop-by-hop
source quench message so that every router will reduce the speed of transmission.
Parameter Problem
Whenever packets come to the router, the calculated header checksum should be
equal to the received header checksum; only then is the packet accepted by the router.

[Figure: Parameter Problem]

If there is a mismatch, the packet will be dropped by the router.

ICMP will take the source IP from the discarded packet and inform the source by
sending a parameter problem message.
Time Exceeded Message

[Figure: Time Exceeded Message]

When some fragments are lost in a network, the fragments held by the router will be
dropped. ICMP will then take the source IP from the discarded packet and inform the
source that the datagram was discarded due to the time to live field reaching zero,
by sending the time exceeded message.
Destination Un-reachable
The destination unreachable message is generated by the host or its inbound gateway
to inform the client that the destination is unreachable for some reason.

[Figure: Destination Un-reachable]
It is not necessary that only the router gives the ICMP error message; sometimes the
destination host sends an ICMP error message when any type of failure (link
failure, hardware failure, port failure, etc.) happens in the network.
Redirection Message
A redirect message requests that data packets be sent on an alternate route. The
message informs a host to update its routing information (to send packets on an
alternate route).

Example: If the host tries to send data through a router R1, and R1 sends the data on
to a router R2, and there is a direct way from the host to R2, then R1 will send a
redirect message to inform the host that a better way to the destination is available
directly through R2. The host then sends data packets for the destination directly to
R2. The router R2 will send the original datagram to the intended destination.
But if the datagram contains routing information, then this message will not be sent
even if a better route is available, as redirects should only be sent by gateways and
should not be sent by Internet hosts.
Internet Protocol version 6 (IPv6)
IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the
problem of IPv4 exhaustion. An IPv6 address is 128 bits long, giving an address space
of 2^128, which is far bigger than that of IPv4. IPv6 uses hexadecimal format
separated by colons (:).

Components in Address format:

1. There are 8 groups and each group represents 2 bytes (16 bits).
2. Each hex digit is 4 bits (1 nibble).
3. Delimiter used – colon (:)

Need for IPv6:


The main reason for IPv6 was address depletion, as the need for electronic devices
rose quickly when the Internet of Things (IoT) came into the picture after the 1980s.
Other reasons are related to the slowness of the process due to some unnecessary
processing, the need for new options, support for multimedia, and the desperate need
for security. The IPv6 protocol responds to the above issues using the following main
changes in the protocol:
1. Large address space
An IPv6 address is 128 bits long. Compared with the 32-bit address of IPv4, this is a
huge (2^96 times) increase in the address space.
2. Better header format
IPv6 uses a new header format in which options are separated from the base header
and inserted, when needed, between the base header and the upper layer data. This
simplifies and speeds up the routing process because most of the options do not need
to be checked by routers.
3. New options
IPv6 has new options to allow for additional functionalities.
4. Allowance for extension
IPv6 is designed to allow the extension of the protocol if required by new
technologies or applications.
5. Support for resource allocation
In IPv6, the type of service field has been removed, but two new fields, traffic class
and flow label, have been added to enable the source to request special handling of
the packet. This mechanism can be used to support traffic such as real-time audio
and video.
6. Support for more security
The encryption and authentication options in IPv6 provide confidentiality and
integrity of the packet.
In IPv6 representation, we have three addressing methods:
• Unicast
• Multicast
• Anycast
[Figure: Addressing methods]

1. Unicast Address
Unicast Address identifies a single network interface. A packet sent to a unicast
address is delivered to the interface identified by that address.

2. Multicast Address
A multicast address is used by multiple hosts, called a group, which acquire a
multicast destination address. These hosts need not be geographically together. If any
packet is sent to this multicast address, it will be distributed to all interfaces
corresponding to that multicast address, and every node is configured in the same way.
In simple words, one data packet is sent to multiple destinations simultaneously.

3. Anycast Address
An anycast address is assigned to a group of interfaces. Any packet sent to an anycast
address will be delivered to only one member interface (usually the nearest host
possible).

Note: Broadcast is not defined in IPv6.

Types of IPv6 address:


We have 128 bits in IPv6 address but by looking at the first few bits we can identify
what type of address it is.
Prefix          Allocation                      Fraction of Address Space
0000 0000       Reserved                        1/256
0000 0001       Unassigned (UA)                 1/256
0000 001        Reserved for NSAP               1/128
0000 01         UA                              1/64
0000 1          UA                              1/32
0001            UA                              1/16
001             Global Unicast                  1/8
010             UA                              1/8
011             UA                              1/8
100             UA                              1/8
101             UA                              1/8
110             UA                              1/8
1110            UA                              1/16
1111 0          UA                              1/32
1111 10         UA                              1/64
1111 110        UA                              1/128
1111 1110 0     UA                              1/512
1111 1110 10    Link-Local Unicast Addresses    1/1024
1111 1110 11    Site-Local Unicast Addresses    1/1024
1111 1111       Multicast Address               1/256

Note: In IPv6, all 0’s and all 1’s can be assigned to any host, there is not any
restriction like IPv4.
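Classifying an address by its leading bits, as the table above describes, can be done in a few lines. The Python sketch below is an added example, not part of the original document: it maps an address to the table's allocation and applies a border rule that accepts only Global Unicast sources. The function names and that border policy are assumptions for illustration.

```python
import ipaddress

# Binary prefixes and allocations copied from the table above; rows the table
# marks as unassigned (UA) are left out and reported as "Unassigned".
PREFIX_TABLE = [
    ("00000000", "Reserved"),
    ("0000001", "Reserved for NSAP"),
    ("001", "Global Unicast"),
    ("1111111010", "Link-Local Unicast"),
    ("1111111011", "Site-Local Unicast"),
    ("11111111", "Multicast"),
]


def classify_ipv6(text: str) -> str:
    """Return the allocation whose prefix matches the address's leading bits."""
    address = text.split("%", 1)[0]  # drop a zone id such as fe80::1%eth0
    bits = format(int(ipaddress.IPv6Address(address)), "0128b")
    for prefix, allocation in PREFIX_TABLE:
        if bits.startswith(prefix):
            return allocation
    return "Unassigned"


def may_leave_site(text: str) -> bool:
    """Assumed border policy: only Global Unicast sources cross the site edge."""
    return classify_ipv6(text) == "Global Unicast"


def filter_border(sources):
    """Label each source address with its allocation and an allow/drop action."""
    return [
        (src, classify_ipv6(src), "allow" if may_leave_site(src) else "drop")
        for src in sources
    ]


# Constructed sample sources; febf::1 shares the 10-bit link-local prefix
# even though its first group is not fe80.
SAMPLE_SOURCES = ["2001:db8::1", "fe80::1%eth0", "febf::1", "fec0::5", "ff02::1", "::1"]
```

Matching on the 10 leading bits rather than the text `fe80` is what keeps `febf::1` from slipping past a link-local filter.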

Provider-based Unicast address :


These are used for global communication.

The first 3 bits identify an address as being of this type.


Registry Id (5-bits): Registry Id identifies the region to which it belongs. Out of 32
(i.e. 2^5), only 4 registry IDs are being used.
Provider Id: Depending on the number of service providers that operate under a
region, certain bits will be allocated to the Provider Id field. This field need not be
fixed. Let’s say if Provider Id = 10 bits then Subscriber Id will be 56 – 10 = 46 bits.
Subscriber Id: After Provider Id is fixed, the remaining part can be used by ISP as a
normal IP address.
Intra Subscriber: This part can be modified as per the need of the organization that
is using the service.

Geography based Unicast address :

Global routing prefix: Global routing prefix contains all the details of Latitude and
Longitude. As of now, it is not being used. In Geography-based Unicast address
routing will be based on location.
Interface Id: In IPv6, instead of using Host Id, we use the term Interface Id.

Some special addresses:


Unspecified
Loopback

IPv4 Compatible

IPv4 mapped

Local Unicast Addresses :


These are of two types: link-local and site-local.
1. Link-local address:

A link-local address is used for addressing a single link. It can also be used to
communicate with nodes on the same link. The link-local address always begins
with 1111111010 (i.e. FE80). The router will not forward any packet with a link-local
address.
2. Site local address:

Site-local addresses are equivalent to private IP addresses in IPv4. Likewise, some
address space is reserved, which can only be routed within an organization. The first
10 bits are set to 1111111011, which is why site-local addresses always begin with
FEC0. The following 32 bits are Subnet IDs, which can be used to create a subnet
within the organization. The node address is used to uniquely identify the link;
therefore, we use a 48-bit MAC address here.

Advantages of IPv6 :
1. Realtime Data Transmission: Realtime data transmission refers to the process
of transmitting data very fast or immediately. Example: Live streaming services, such
as cricket matches or other tournaments, that are streamed on the web as soon as they
happen, with a maximum delay of 5-6 seconds.
2. IPv6 supports authentication: Verifying that the data received by the receiver
is exactly what the sender sent, and that it came from the sender only and not from
any third party. Example: Matching the hash value of both the messages for
verification is also done by IPv6.
3. IPv6 performs Encryption: IPv6 can encrypt the message at the network layer even
if the application layer protocols at user level did not encrypt the message, which is
a major advantage as it takes care of encryption.
4. Faster processing at Router: Routers are able to process IPv6 data packets
much faster due to the smaller base header of fixed size (40 bytes), which helps in
decreasing processing time, resulting in more efficient packet transmission. In IPv4,
by contrast, we have to calculate the length of the header, which lies between 20 and
60 bytes.
