CS402 Study Guide

Unit 5: The Network Layer


5a. Explain the correct network layer protocol to perform packet forwarding using both IPv4 and IPv6

  • What is the key function of the Network, or IP, Layer in the TCP/IP architecture?
  • Name some of the differences between an IPv4 address and an IPv6 address.

The network layer is the part of the TCP/IP architecture that is responsible for establishing, maintaining, and ending a communications path between nodes. It provides the functions for routing information to the destination node. Key functions of the network layer are:

  • determining best routes to use according to protocol being used;
  • ensuring that packets are directed toward their destination;
  • recording errors and notifying the transport layer of unrecoverable errors; and
  • creating control messages for line connection and termination requests.

The network layer is present in both routers and end systems across the network, though routers do not need to implement layers above the network layer. This is done by splitting the segments given by the transport layer and adding a network layer header. The network layer header for IPv4 is:


  • Version (4 bits): set to 4
  • Internet header length (IHL) (4 bits): length of header in 32-bit (4-byte) words. For example, a value of 5 here indicates that the header length is 5 x 4 = 20 bytes. This happens to be the minimum value you will find here. The maximum is 15 which means that the header is 60 bytes long.
  • Type of Service (TOS) (8 bits): provides guidance to end systems IP modules and to routers along the datagram's path
  • Total Length (16 bits): total data unit length, including header, in octets
  • Identifier (16 bits): together with source address, destination address, and user protocol, intended to uniquely identify a datagram
  • Flags (3 bits): the More Fragment bit is used to indicate that fragmentation has occurred and reassembly is needed; the Don't Fragment bit is used to prohibit fragmentation; the third bit is not currently used
  • Fragment Offset (13 bits): indicates where in the datagram this fragment belongs, measured in 64-bit units
  • Time to live (8 bits): measured in router hops
  • Protocol (8 bits): indicates the next level protocol which is to receive the data field at the destination
  • Header checksum (16 bits): frame check sequence on the header only; since some header fields may change, this is re-verified and recomputed at each router
  • Source address (32 bits): indicate the source network and host number
  • Destination address (32 bits): indicate the destination network and host number
  • Options (variable): encodes the options requested by the sender, such as security, strict source routing, loose source routing, record route, and timestamp
  • Padding (variable): used to ensure that the internet header ends on a 32 bit boundary
  • Data (variable): must be a multiple of eight bits in length – the total length of the data field plus header is a maximum of 65,535 octets

Although techniques like subnetting, supernetting, and NAT allowed for the IPv4 address space to improve the efficiency and addressable entities in the internet, in the mid-1990s, the IETF concluded that it was only a matter of years until IPv4 would collapse. This is especially relevant today, since we are quickly moving toward the IoT ("Internet of Things"), where every single item in your house could theoretically have its own IP address. In July of 1993, the IETF created the IPng ("new generation") directorate. In 1994, the directory selected the IPng architecture as defined in RFC 1752. They took advantage of that change to make IPv6 more efficient in the following ways:

  • Increase IP address from 32 bits to 128
  • Add flexibility by using fixed-size 40-octet header, followed by optional extension headers
    • Longer header but fewer fields (8 vs 12), so routers should have less processing
  • Accommodate higher network speeds, mix of data streams (graphics, video, audio)
  • Support QoS and flow labeling

The IPv6 header looks like this:


  • Version (4 bits): value is 6
  • Traffic class (8 bits): available for use by originating nodes and/or forwarding routers to identify and distinguish between different classes of priorities of IPv6 packets
  • Flow label (20 bits): may be used by a host to label those packets for which it is requesting special handling by routers within a network
  • Payload length (16 bits): the total length of all of the extension headers plus the transport-level PDU
  • Next header (8 bits): identifies the type of header immediately following the IPv6 header; this will either be an IPv6 extension header or a higher-layer header, such as TCP or UDP
  • Hop limit (8 bit): the remaining number of allowable hops for this packet; decreases by one for each node that forwards the packet, and discarded if it reaches zero
  • Source address (128 bits): the address of the source machine
  • Destination address (128 bits): the intended recipient – this may not be the ultimate destination if a routing header is present

To have a better idea of how immense that address space is, consider this: if a block of 1 million addresses is allocated every picosecond (10-12 seconds or 1 trillionth of a second), it would take 1013 years to use every address in the address space. That is 1000 times the age of the universe. If the entire Earth, both land and water, were covered with computers, IPv6 would still allow 7 × 1023 IP addresses per square meter: almost one for every molecule on Earth.

The IPv6 datagram format, when no extension headers are added, resembles the old IPv4 format, where the "Next" field becomes the "Protocol" field from IPv4:

The "Next" field contains the value 06, which is the value for TCP. Following the IPv6 header, we will just see the TCP header. The value for UDP is 11.

The situation will change if there are extension headers, such as when the packet requires routing information. In that case, a routing extension header will be added and the format will look like this:

The "Next" field in the base header now points to the Routing extension header. The value for routing is 43 in decimal, but you will see it as 2B (in hex). The routing extension header will also have a "Next" field, and it will point directly to the TCP header with a value of 06. This is more effective than IPv4, when the routing information was always included, whether or not there was a need to route the packet. In IPv6, extension headers are only included if they are actually used.

Possible extensions header values (shown here in decimal) are:

  • 00: hop by hop options
  • 43: Routing
  • 44: Fragmentation
  • 50: ESP header as defined by IPsec
  • 51: AH header as defined by IPsec
  • 60: Destination options
  • 59: Used by an extension header to indicate that there are no more headers to come

IPv4 and IPv6 are covered in Internet Protocol. If you would like to go into more detail, read RFC 1752, which is available on the IETF website. If you would like to see a full list of extension header values, read List of IP Protocol Numbers.


5b. Configure and illustrate IP addressing and explain its purpose, on both IPv4 and IPv6 networks

  • Translate IPv4 address to an IPv6 address
  • What network does the IP address with a mask of belong to?

IPv4 addresses are 4 bytes long and are normally accompanied by a mask. The question above asks about an address belonging to the that has a simple mask.

The established format to represent an IPv6 address is to arrange the address into groups of 2 bytes using hexadecimal numbers, as opposed to the dotted decimal notation of IPv4 address (4 bytes in decimal separated by dots). To translate an IPv4 address to IPv6, you need to add as a prefix (10 bytes of 0s) and then 2 bytes of 1 (in hex), followed by the 4 bytes of IPv4 address, also expressed in hex.

As an example, the IPv4 address translates to 0:0:0:0:0:ffff:505:505 in IPv6, using the "compression" technique. The "compression" technique means that bytes of 0s are represented by a single 0 enclosed by colons. Also, leading 0s are always compressed. That is why in this example, :505 means two bytes, 05 and 05. The ffff section is for two bytes of hex ff, which is all 1s in binary.

An IPv6 system that receives an address with that prefix knows that it is an IPv4 being tunneled through an IPv6 network. IPv6 supports unicast, multicast and anycast addresses.

To review, see IP version 6.


5c. Compare and contrast Classless Interdomain Routing (CIDR) with subnetting activities within the network layer

  • A customer needs at least 4000 addresses for their network. A block of addresses is available starting with Could you use that block of addresses by applying CIDR? Why or why not?
  • What is the subnet for the address What is the first available host address, last available host address, and broadcast address for that subnet?

The subnetting and supernetting techniques were developed early on in the evolution of networking. Subnetting is the process of taking a big, classful network and dividing it into smaller subnetworks by increasing the number of bits representing the network. Supernetting is the opposite process, where the number of hosts in a network is increased by increasing the number of bits representing the host, regardless of the class of the network. That is why supernetting is referred to as Classless Interdomain Routing, or CIDR.

To use CIDR, you need as many contiguous bits as necessary to provide the required number of addresses. If you need 1000 addresses, you need 10 contiguous bits, since 210 = 1024. This would give you a little bit more than the 1000 you need, but is the closest you can go. 9 bits would only provide 512 addresses, and 11 bits would provide 2048 addresses.

You can take bits away from the host portion of the address to create subnets. A mask of 19 applied to a class B address would take 3 bits from the third byte to generate additional subnets. The first 2 bytes of a class B address are normally used to represent the network, and are followed by the host number in the third and fourth bytes. A classful address will generate a total of 65534 (216 - 2) host addresses. Taking 3 bits from the third byte will produce 8 different subnets, each with only 8190 (213 - 2) addresses available for hosts. This is plenty for most users. You then subtract 2 from the grand total, since you need to reserve the all-0s case for the network address, and the all-1s for the broadcast address. The /19 mask will generate the 0, 32, 64, 96, 128, 160, 192 and 224 subnets. The network for the case of would be, the first address for a host would be, the last address for a host would be, and the broadcast address would be

Remember that you can freely talk with members of the same subnet as you. However, to connect with a host in a different subnet, you need to go through a router. When you can't get a connection between a host and a remote host, always ask yourself if they are both in the same network. If not, check to see if you have a default gateway (router) configured, and if so, whether your machine and the default gateway are configured in the same subnet.

This is explained in detail in Supernetting and Subnetting. Additional information can be found in IP Version 4.


5d. Use protocols like Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and Network Address Translation (NAT) to manage IP address assignment, re-assignment, and resolution

  • You never configured your PC with any IP address or default gateway, but the "ipconfig" command shows an IP address of, a netmask of and a default gateway of You issue an "arp -a" command, and see that, except for the default gateway, the ARP table is empty. How did your PC obtain its IP address, mask, and default gateway? If you issue a command like "ping", what would your computer do first?
  • What is NAT overload?

In the early days of networking, protocols like the bootstrap protocol (BOOTP) were developed to automatically assign IP addresses to a machine from a database of available IP addresses of the organization. When a PC was first installed into the network, it would automatically connect with the BOOTP server to dynamically obtain its network configuration details. That meant that the end-user did not need to know or find their address or other configuration details. The Dynamic Host Configuration Protocol replaced BOOTP for dynamically assigning IP addresses, masks, and default gateways to hosts, and works by connecting to a DHCP server reachable by the PC. DHCP is a big time saver, since it means that end-users or network administrators do not need to manually configure that information.

PCs always talk at the data link level. In other words, regardless of its IP address, the PC needs to encapsulate any frame destined to any other PC within a data link layer header with a destination MAC address (which is on layer 2, the data link layer) of the intended recipient. If the intended recipient lies in a different network or subnet, the packet must be encapsulated with the MAC address of the router (or default gateway) and sent to it to be routed appropriately.

How do source machines know the MAC address of the intended destination? An obvious answer would be to just manually configure those addresses in the PC. However, that would be time-consuming and prone to errors. The Address Resolution Protocol, or ARP, handles the process of obtaining MAC addresses of intended destinations automatically. When you ping, the first thing the PC does is issue an ARP request for the default gateway. It realizes that, based on the mask, the destination is in a different subnet. The default gateway should respond with its own MAC address. Once the sending PC knows that, it encapsulates the ping (ICMP) command with a DLL header with a destination MAC of the default gateway. If you pinged, the sending machine would send an ARP request to directly find the MAC address for since both addresses are in the same subnet.

Network Address Translation, NAT, on the other hand, is a switch-specific protocol designed to allow for a big organization to have multiple internal, non-public addresses and still be able to connect with outside, public addresses in the network. Simple one-to-one NAT translation is accomplished using a simple table that maps single internal addresses to single external addresses, such as:

Notice that there are three internal non-public addresses all connected to different HTTP servers, and each of them is mapped to a single external address.

For many-to-one mapping, port address translation (or PAT) is used, also known as NAT Overload. This is a dynamic NAT that allows for multiple private addresses to be translated with a single public address by using a port/IP address combination to identify the particular address mapping. An example could be something like this:

In this table, at least two inside (private) addresses map to the same outside (public) address. Two inside hosts are connected to the same HTTP server and the router uses NAT overload (PAT) to uniquely map the traffic of each one with the server.

These are two simple examples. In the real world, inside local, inside global, outside local, and outside global maps like this are common, especially with Cisco Routers.

NAT is explained in detail in NAT.


5e. Illustrate the use of Interior Routing Protocols based on shortest path, distance vector, and link-state routing models

  • What routing protocol suffers from the "count to infinity" problem?
  • What routing protocol requires the flooding of short messages with neighbor information throughout the network?

Distance vector routing is the oldest routing algorithm, and is not used often today. In this method, each router keeps a table indexed by each router in the subnet, and contains one entry per router. Each entry contains two parts: the preferred outgoing line and the distance to that destination. Periodically, each router sends each of its neighbors an updated list of its estimated distance to each destination in the whole network, and receives a similar one from its own neighbors. This information is used to update its internal table with the preferred route to any given destination using the Bellman-Ford and Ford-Fulkerson algorithms.

When using link-state routing, each router determines who its neighbors are and the cost to get to them. Once that information is available, the router builds a link-state advertisement (LSA). At predetermined intervals, these LSAs are flooded through the whole network. Each router in the network grabs the LSA and uses Dijkstra's algorithm to construct the shortest path to all possible destinations.

Distance vector lost popularity because it suffers from the "count to infinity" problem. Depending on network topology, routers could fall into an endless loop, where information is exchanged back and forth indefinitely as if "counting to infinity". Solutions have been suggested for this problem, like the split-horizon algorithm and split horizon with poison reverse algorithms. However, split horizon does not always work as expected, so most networks today use link-state routing, which is more reliable. Link state has the disadvantage that LSAs must be flooded through the whole network, which can cause high traffic and congestion. However, several techniques are used to deal with this problem, such as splitting up the network into hierarchical areas.

To review, see Routing in IP Networks.


5f. Compare and contrast interior routing protocols like Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) with exterior routing protocols like Border Gateway Protocol (BGP)

  • What distance metric is used by routing protocols like RIP, OSPF, and BGP?
  • What routing technique is used by RIP, OSPF, and BGP?

An autonomous system (AS) is a group of routers that exchange information via a common routing protocol. An AS is composed of a set of routers and networks managed by a single organization. The protocol used to pass routing information between routers within the same AS is called an interior routing protocol (IRP). Examples of IRPs are open protocols like RIP and OSPF and proprietary protocols like Cisco's EIGRP. The protocols used to pass information between routers in different ASes are called exterior routing protocols (ERP). One example of an ERP is the border gateway protocol, or BGP.

The routing information protocol, or RIP, was developed in the 1980s to support the growing number of networks. It used the distance vector algorithm. It had inherent problems when used for larger networks – since it used the number of hops required to reach a host as a metric, problems like the count to infinity started to become common as networks grew. RIP needed to adapt, and the first "solution" to the count to infinity problem was to define 16 as the infinity metric. So, in a RIP exchange, a distance metric that would grow to 16 was considered to be infinity, and that router was assumed to be unreachable. Of course, this limited the diameter of networks to no more than 15 hops. The current version of RIP is RIPng, which is an extension of RIPv2 to support IPv6.

Open short path first, or OSPF, was introduced in 1990 as a more efficient protocol that would avoid the inherent limitations of RIP. OSPF uses a link-state routing algorithm that does not suffer from the count to infinity problem. OSPF has the additional advantage of offering a flexible routing metric based on type of service (ToS), which allows you to select routes to maximize reliability, maximize throughput, minimize monetary cost, or minimize delay. Up to 5 different routing tables can be created by each router. Link state routing requires the periodic flooding of LSA throughout the whole network, which can contribute to congestion. OSPF overcomes that limitation by dividing the full network into "areas" and flooding LSAs only in those areas.

The BGP protocol uses path-vector routing, which does not use routing metrics. Instead, routers provide information about which networks they can reach and the list of ASes that must be crossed to get there. The use of path-vector routing by BGP allows it to perform "policy routing". If a hostile AS is in a path, the router can decide to avoid that path and select a different one based on the information exchanged with its neighboring routers.

To review these protocols, see Routing in IP Networks.


5g. Use multicasting principles including addressing schemes and associated protocols

  • What address range is reserved for IP Multicast?
  • What are some of the differences between IGMPv1 and IGMPv2?

Multicasting is when a single host needs to send traffic to many but not all hosts in the network. This differs from broadcast, where one host sends to ALL hosts in the network. Theoretically, you could multicast by using multiple copies of a unicast stream. However, this would put a large burden on network resources, and would require the duplication of every frame. The group of class D addresses is reserved for multicasting applications, starting from 224 through 239. For multicasting to work, a mechanism called Internet group management protocol (IGMP) was created so that individual hosts could indicate their desire to participate or be excluded from a multicast group. A routing protocol is needed to collect data about networks containing members, paired with a routing algorithm to find the shortest path to each network containing networks. Protocols like DVMRP or PIM paired with the Reverse Path Forwarding (RPF) algorithms were developed for this. Another requirement is for a way to translate from the multicast address to an Ethernet address for transit through the L2 network.

Translation of an IP Multicast address to a L2 multicast address is a simple process. A block of MAC addresses starting with 01-00-5E has been reserved for IP multicast to Ethernet address mapping. The mapping mechanism involves placing the low order 23 bits of the Class D address into the low-order 23 bits of the reserved address block.

As an example, consider mapping the IP Multicast address to its MAC address counterpart.

To do that we first translate each part to its binary form:

First, the prefix:

01-00-5E = 0000 0001 0000 0000 0101 1110

We are translating from hex to binary for each byte. This is color-coded as blue.

Now, the address to map is: = 1110 0000 0000 0001 0000 0001 0000 0001

Here, we are translating from decimal to binary for each byte. The low-order 23 bits of the multicast address have been color coded as green.

Mapping simply involves taking the low-order green bits from the IP Multicast address and appending it to the L2 multicast prefix. Following the color coding scheme shown above, the situation will look like this:

0000 0001 0000 0000 0101 1110 0000 0001 0000 0001 0000 0001 = 01-00-5E-01-01-01 translates (or maps) to 01-00-5E-01-01-01. The 5 digits highlighted in red represent overlapping bits that have special significance as explained below.

Let's now consider the address Following a similar procedure (again with the low order 23 bits in green): = 1110 1111 1000 00010000 0001 0000 0001.

Append the green bits to the translation segment and you will get:

0000 0001 0000 0000 0101 1110 0001 0000 0001 0000 0001 = 01-00-5E-01-01-01

Interestingly enough, both IP multicast addresses translate to the same L2 address. The reason for that is that by only using the last 23 bits, there is an overlap of 5 bits, shown in red in both examples. They produce a total of 32 overlapping addresses that will translate to the same MAC address. In this example a block of addresses in this series: 224.1.1,,, … 238.1.1,,,, will all map to the same L2 address of 01-00-5F-01-01-01. One MAC address always translates to 32 different IP multicast addresses, something that must be kept in mind.

IGMP is the protocol used by routers to exchange multicast group membership over a LAN. All IGMP messages are transmitted in IP datagrams. A protocol value of 2 in the IP header means an IGMP message. The IGMP message will have a header with the format:


  • Type could be:
    • Membership Query (0x11): sent by multicast router, and has two types of queries differentiated by the group address:
      • General: to learn which groups have members on an attached network
      • Group specific: to learn if a particular group has any members on an attached network
    • V2 Membership Report (0x16): sent by host to declare membership in group
    • V1 Membership Report (0x12): for backward compatibility with V1
    • Leave Group (0x17): Sent by host to leave a group
  • Max Response Time: specifies the maximum allowed time before sending responding reports in units or 1/10 of a second (only meaningful in a membership query)
  • Checksum: same checksum algorithm used by IPv4
  • Group Address:
    • In Membership Query Message: set to zero when sending a General Query, and set to the group address being queried when sending a Group-Specific Query
    • In Membership Report or Leave Group message: valid IP multicast group address of the group being reported or group being left

During operation, each host uses the IGMP protocol to make itself known as a member of a group with a given multicast address To join a group, the host sends an IGMP membership report message with the group multicast address in the group address field and in the IP address of the packet. A multicast router periodically issues general membership query messages to maintain a valid list of active group addresses. The query is sent to the "all systems on a LAN" address,

Each time a router issues a general membership query, hosts must respond with a report message if they wish to maintain membership in the group. Hosts use a delayed-response strategy. They do not reply immediately, but after a random timer expires. The timer is started after the query is received. The host whose timer expires first will respond for a specific group. The other hosts on the LAN will suppress sending their own report after seeing the report already sent. Only one member needs to declare membership for all others to continue receiving the stream.

This is an example of an IGMP message:

Some interesting points to highlight here are:

  1. The protocol type in the IP header is set to 2, which means that it is an IGMP message and that is the next header to expect. Wireshark has already translated it for us, but if that had not been the case, you would have known that this is an IGMP message just by looking at the type field in the IPv4 header. As a review, If this field had been 1, we knew that it was an ICMP message. A 6 means that the payload is TCP and that's the next header to expect. A 17 (0x 11) means a UDP payload and so forth.
  2. This is an IGMP version 1 report (type 0x12)
  3. The source machine, is reporting membership to multicast group

The IGMP portion of another actual IGMP message looks like this:

Some interesting points to consider:

  1. The source, is sending this message to the multicast destination of, which means that it is sending it to all systems in the LAN.
  2. Type 0x11 means a query. This is sent by the multicast router to find out what group members are present.
  3. The Max Response Time is now present. Notice that the actual value that will be seen in the header is Hex 64. A quick translation shows you that Hex 64 is 100 decimal. As explained above, the number in this field is given in units of 1/10 of a second. 100 X 1/10 = 10 seconds. Fortunately, Wireshark has taken care of making this calculation for us, but that will not always be the case when you see a trace. In this case, the inquiring router will expect a response from members within 10 seconds of receiving this query.
  4. The multicast address shown here is That's because this is a general query and the router is finding what members are present. Members of all groups will send a membership report. Had it been a group-specific query you will find here the actual address that the router wants to know if there is membership. For example, if the address here had been, the router would be asking if there is anyone belonging to that group present. Only the members of would respond.

For leaving a group, IGMPv1 and IGMPv2 behave differently. With v1, the host quietly leaves the group without alerting the router. The router proceeds to send 3 general queries, 60 seconds apart. If there are still members of that multicast group present, they will respond as explained above. If no IGMP report for the group is received, the group times out. That means that the worst-case delay will be around 3 minutes. Traffic will continue flowing during that time, even though no members of that group are present.

With IGMPv2, a host that wants to leave the group must specifically advertise its intentions to the router. It does that by sending a leave message to Upon receipt of the leave message, the router sends a group-specific query to find out if there are still members in the group that require traffic to be sent. If no IGMP report is received within 3 seconds, the group times out. This is much more effective, since traffic stops flowing shortly after the last member leaves the group.

Notice that we have been talking about addresses like and Those are special cases of multicast addresses defined specifically for this task. All routers supporting IP multicast have been configured to listen and be a group member to those addresses and react accordingly.

Implementation of the Reverse Path Forwarding (RPF) Algorithm requires that, when a router receives the multicast message, it checks its unicast routing table to determine which interface produces the shortest distance back to the source. If the route is over the interface in which it was received, the router enters information into the routing table and forwards to adjacent routers except for the interface it was received on. Otherwise, the message is discarded. This mechanism ensures a loop-free tree with the shortest distance from the source to all recipients.

Two other important multicast concepts are pruning and grafting. Pruning means that If a router determines that there are no group members on their directly attached "leaf" networks (that is, it has no participants in a multicast), it will send a prune message to the upstream router to let it know that it should not forward the multicast down. This mechanism results in a smaller, more efficient spanning tree, with all "leaves" having group members. Grafting is the reverse process. If a router that previously sent a prune message determines that it needs to start receiving the multicast, it will immediately ask the group's previous-hop router by sending a grafting message. This mechanism assures quick re-establishment or previously pruned branches.

To review, see Multicasting.


5h. Use quality of service (QoS) principles and associated protocols like Multiprotocol Label Switching (MPLS)

  • What are the mechanisms available for IP to provide Quality of Service, QoS?
  • How is QoS measured?

In the early days of the internet, traffic was very different than it is today. The internet was a "best-effort service" with no traffic isolation, which meant that all packets were serviced FIFO (first in, first out). There was no guarantee of service. Even though TCP guaranteed end-to-end flow control, it did not guarantee fair sharing in the network. This encouraged greedy behaviors from unscrupulous network users. Many corrupt implementations of TCP took advantage of that flaw to obtain a better share of the network.

The traffic in today's internet can be classified as one of two classes: elastic or inelastic. Elastic traffic can adjust over wide ranges to changes in delay and throughput and still meet the needs of its applications. That was the type of traffic that the early networks were designed to carry, and QoS requirements were not stringent. Inelastic traffic, on the other hand, does not easily adapt to such changes. This type of traffic presents a new set of requirements on throughput, delay, jitter, and packet loss. This is, of course, the case with today's internet with video streaming and other real-time applications. Some applications require preferential treatment over applications with more demanding requirements. That is exactly what inelastic traffic is, but elastic traffic is still always present and must be supported.

IP QoS refers to the performance of IP packets flowing through one or more networks. It is characterized by:

  • Service availability – the reliability of user's connection
  • Delay – the interval between transmitting and receiving a packet (also called latency)
  • Delay variation – the change in duration between all packets in a stream (also known as jitter)
  • Throughput – the rate packets are transmitted at
  • Packet loss rate – the maximum rate packets can be discarded at

The huge growth in traffic has put tremendous burdens on the internet. It was not enough to increase capacity; a traffic management framework was needed. Integrated services (IS) and differentiated services (DS) were developed to deal with this.

The Integrated Services (IS) architecture, defined in RFC 1633, is concerned with providing an integrated or collective service to the set of traffic demands placed on a given domain. IS providers view the totality of the current traffic demand and limit the demand that is satisfied to that which can be handled by the current capacity of the network. Resources are reserved within the domain to provide the QoS that a particular portion of the network requires. A popular reservation protocol is the resource reservation protocol, RSVP.

RSVP is specified in RFC 2205 and is characterized by:

  • Reserves for both unicast and multicast, adapting dynamically to changes in group membership and changing routes
  • Unidirectional reservations for simplex
  • Receiver-initiated reservation
  • Maintaining soft state in the internet, since state information expires unless regularly refreshed from the entity that requested the state
  • Different reservation styles
  • Transparent operation through non-RSVP routers
  • Support for IPv4 and IPv6

The Differentiated Services (DS) framework, described in RFC 2475, does not attempt to view the total traffic demand in an overall or integrated sense, but instead is a class-based model. A DS framework does not attempt to reserve network capacity in advance. Instead, packets are marked according to the service requirement, or group to which they belong. The mark, referred to as a DS Codepoint, is added to the packet in what used to be the type of service (ToS) field of the IPv4 header or traffic class field in the IPv6 header. The service provided by network elements depends on group membership. Packets belonging to different groups are handled differently. A service level agreement (SLA) is established between the service provider and the customer prior to the use of DS. The architecture provides an aggregation mechanism whereas traffic with the same DS field is treated the same. QoS is implemented in individual routers by queuing and forwarding packets based on the DS field.

MPLS is a popular protocol to achieve a system that is similar to a DS architecture. MPLS provides traffic management and connection-oriented QoS support while speeding up the IP packet forwarding process and retaining the flexibility of an IP-based networking approach. MPLS creates tunnels known as label-switched paths (LSPs) across the network. Label-edge routers (LERs) map different classes of traffic, known as forwarding equivalence classes (FECs), to LSPs. The LER adds a label to the packet; the label indicates an LSP. Label-switching routers (LSRs) along the path forward the packets based just on the MPLS label. The LSR swaps the incoming label with an outgoing label. MPLS is characterized by the following principles:

  • Imposition of a connection-oriented framework on an IP-based internet, providing a foundation for sophisticated and reliable QoS traffic contracts
  • Simplifying the process for committing resources in such a way as to balance the load in the face of a given demand (traffic engineering)
  • Providing an efficient mechanism for supporting VPNs
  • Ability to be used with several networking technologies

Important points to consider with MPLS are:

  • LSPs can follow different paths between endpoints
  • All links can be utilized, not just shortest path
  • Traffic engineering reserves and guarantees bandwidth
  • LSPs can be set up for different levels of service

To review, see Quality of Service.


5i. Use protocols like Internet Control Message Protocol (ICMP) to configure and troubleshoot a network in both IPv4 and IPv6

  • What are the 4 variations of the "Destination Unreachable" ICMP message type?
  • Under what conditions will a router emit a "Redirect" ICMP message type?

ICMP is a supporting protocol that provides a useful troubleshooting and error reporting tool for systems in a network. ICMP sits on top of IP: the ICMP header resides on top of the IP header, just like TCP or UDP. However, it is not a transport protocol. There are a couple of applications used by end-users, like ping command or traceroute. That being said, the majority of the ICMP messages are used by routers or hosts and are transparent to the end-user.

To review, see Internet Control Message Protocol, which gives a full list of all ICMP message types with their corresponding code numbers.


Unit 5 Vocabulary

This vocabulary list includes terms and acronyms that might help you with the review items above and some terms you should be familiar with to be successful in completing the final exam for the course.

Try to think of the reason why each term is included.

  • Class A, B, C, and D IP address
  • Supernetting and Subnetting
  • CIDR
  • ARP
  • DHCP
  • Autonomous System
  • Interior Routing Protocol
  • Exterior Routing Protocol
  • Distance Vector Routing
  • Link State Routing
  • Hierarchical Routing
  • Path Vector Routing
  • RIP
  • OSPF
  • BGP
  • IP Multicasting
  • RPF
  • IGMP
  • PIM
  • QoS
  • Integrated Services
  • Differentiated Services
  • RSVP
  • MPLS
  • LSP
  • FEC
  • LER
  • LSR
  • ICMP