The Internet Protocol

Let’s learn about the famous IP

Unit Goals

To understand the basics of IP, from addressing to routing, and a bit about related protocols.

What IP is

IP is the Internet Protocol, the one and only protocol used for routing between (possibly heterogeneous) networks on the Internet.

Highlights:

IP allows the transport layer not to have to care at all about how the data gets from source to destination. It does, however, leave details like congestion control and retransmission (if needed) to the transport layer.

There are two versions in use today: IPv4 and IPv6.

IPv4 Addresses

In IPv4, addresses are 32 bits wide. For example:

    10011101111100100100011101101001

We don’t actually write the binary; we write either a 32-bit hex value, a 32-bit decimal value, or a numbers-and-dots expression. Examples:

    Hex          8-8-8-8           8-8-16          8-24           32
    0x7f000001   127.0.0.1         127.0.1         127.1          2130706433
    0x9df24622   157.242.70.34     157.242.17954   157.15877666   2649900578
    0x68c7f0d3   104.199.240.211   104.199.61651   104.13103315   1757933779

The 8-8-8-8 (dotted-quad) is by far the most popular. So much so, the others are not very well known!

Exercise: Can you mix hex and dots?
Exercise: (Research) How standard are the non 8-8-8-8 notations? Is there an RFC that states that all of the above forms are legal, or is it left to implementations? All notations above are supported by inet_aton. But is this function “official”?
Exercise: Suppose a network programmer thought that the only legal format was 8-8-8-8. What sorts of software vulnerabilities might they unwittingly introduce?
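
A check that compares address strings treats 2130706433 and 127.0.0.1 as different hosts, while a stack that parses with inet_aton-style rules treats them as the same one. The following is an added example, not code from the original page: a pure-Python parser that follows the classic inet_aton rules (including octal parts, which the table above does not show) so an address can be normalized before any decision is made on it. The function names are hypothetical.

```python
import ipaddress

# Loopback and private networks listed on this page.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_inet_aton(text):
    """Return the 32-bit value of text using classic inet_aton rules.

    One to four dot-separated parts, each decimal, octal (leading 0) or
    hex (leading 0x); the last part fills all remaining bytes.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"wrong number of parts: {text!r}")
    values = []
    for part in parts:
        low = part.lower()
        if low.startswith("0x"):
            digits, base = low[2:], 16
        elif len(low) > 1 and low.startswith("0"):
            digits, base = low[1:], 8
        else:
            digits, base = low, 10
        if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
            raise ValueError(f"bad part {part!r} in {text!r}")
        values.append(int(digits, base))
    *leading, last = values
    if any(v > 0xFF for v in leading) or last >= 1 << 8 * (5 - len(values)):
        raise ValueError(f"part out of range: {text!r}")
    for i, v in enumerate(leading):
        last |= v << (24 - 8 * i)
    return last

def canonical(text):
    """Dotted-quad form of any accepted notation."""
    return str(ipaddress.IPv4Address(parse_inet_aton(text)))

def is_internal(text):
    """Decide on the parsed value, never on the spelling."""
    addr = ipaddress.IPv4Address(parse_inet_aton(text))
    return any(addr in net for net in INTERNAL)

def naive_is_internal(text):
    """Flawed check that assumes dotted quad: matches on string prefixes."""
    return text.startswith(("127.", "10.", "192.168.", "172.16."))
```

Every row of the notation table above normalizes to its 8-8-8-8 column, and `is_internal` gives the same answer for every spelling of an address while `naive_is_internal` does not.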

IPv4 Address Components

The whole point of internets is that the address has a network part and a host part. We indicate this with a slash. The number after the slash tells how many of the (leftmost) bits are for the network part.

For historical reasons, this notation is called CIDR Notation.

Example: Here are three examples:
    Notation           Binary                             Network           Host
    157.211.63.12/24   10011101110100110011111100001100   157.211.63.0/24   12
    202.155.11.6/8     11001010100110110000101100000110   202.0.0.0/8       155.11.6
    54.123.254.15/20   00110110011110111111111000001111   54.123.240.0/20   14.15
/32

A value ending in /24 indicates a network with 255 addresses, and a value ending in /20 indicates a network with 4096 addresses. What about /32? That’s used to indicate a single host.

By convention, there is never a host numbered 0 on a network; that is reserved to denote the network itself. And there is never a host whose binary representation is all 1s; that is used to denote a broadcast.

Here’s an example:

[Figure: ipexample.png]

Make sure you can, when given a network specification, determine the range of addresses. For example:

    Network           First Host     Last Host      Broadcast
    130.5.88.0/25     130.5.88.1     130.5.89.254   130.5.89.255
    205.5.30.224/28   205.5.30.225   205.5.30.238   205.5.30.239

Exercise: For the following networks, give the IPv4 address of the first host, the last host, and the broadcast:
  • 123.11.6.0/24
  • 6.128.0.0/14
  • 8.0.0.0/8
  • 16.3.192.0/22
  • 111.255.30.160/27
Work these out by hand. After you work these out by hand, write a Python script to compute these values for an arbitrary input to check your work, if you like.
Exercise: How many addresses are in a /24 block? In a /19 block? In a /27? In a /29? In a /26? In an /8?

Special IPv4 Addresses

Some IPv4 addresses have special meaning. Here are some:

    0.0.0.0                       Refers to the current host (self)
    0/8                           No addresses allowed here (16777216 addresses shot)
    127/8                         Network prefix for loopback. If you send a packet to any address in this net, your networking software will not send the packet out; it just returns the packet to you. Great for testing (but another 16,777,216 addresses shot).
    Host part all ones            Direct Broadcast. For example, on net 150.290/16, the address 150.290.255.255 broadcasts to all hosts on the network.
    255.255.255.255               Broadcast on local network
    Host part all zeros           Refers to the network itself.
    Network part all zeros        Refers to the host on the local network. For example, on net 157.11.64.0/22, the address 0.0.1.6 refers to 157.11.65.6.
    10/8, 172.16/12, 192.168/16   Reserved for private internets. Routers on the public Internet will discard packets addressed to any of these addresses.

Exercise: Give the host ranges for each of the private IPv4 blocks.

Pro Tip: You really should memorize the private IPv4 blocks.

IPv6 Addresses

In IPv6, addresses are 128 bits wide. By convention, we write them as eight colon-separated hextets (always lowercase for hex!), with a couple shorthands if you like: leading zeros in a hextet can be dropped, and a single consecutive range of 0000 hextets can be replaced with ::.

Example: Here are some addresses stolen from Wikipedia:
  • 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  • 2001:db8:85a3:0:0:8a2e:370:7334
  • 2001:db8:85a3::8a2e:370:7334
  • 0:0:0:0:0:0:0:1
  • ::1
Exercise: What is the reason for only allowing a single range of zero-hextets to be elided? In other words, what is WRONG with 94cf::bbc0::82:1?

Classwork

Give the shorthand IPv6 addresses for:

  • 0072:0000:0002:0000:0000:0000:0000:0000
  • 9ffc:0000:0000:5000:0000:1333:8888:8888:8888
  • 2345:6789:abcd:efff:0011:0002:0333:000a

You might sometimes see IPv6 addresses with the last 32 bits written as a dotted quad.

Special IPv6 Addresses

    ::                Unspecified Address
    ::1               The loopback address
    ::ffff:0:0/96     IPv4 mapped addresses
    ::ffff:0:0:0/96   IPv4 translated addresses
    64:ff9b::/96      IPv4/IPv6 translation
    100::/64          Discard Prefix
    2001::/32         Teredo Tunneling
    2001:20::/28      ORCHIDv2
    2001:db8::/32     For documentation and examples
    2002::/16         6to4 (deprecated)
    fc00::/7          Unique local address
    fe80::/10         Link-local address
    ff00::/8          Multicast address

For detailed information on each of these, see Wikipedia.

Packet Formats

Here is the IPv4 format:

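     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Version|  IHL  |   DSCP    |ECN|          Total Length         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Identification        |Flags|     Fragment Offset     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      TTL      |    Protocol   |        Header Checksum        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Source IP Address                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Destination IP Address                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Options (if IHL > 5)                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             Body                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+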
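
To make the layout concrete, here is an added example (not part of the original page) that parses the IPv4 header fields named above and rejects headers whose IHL, Total Length or Header Checksum do not hold together. The field widths follow RFC 791; the function names are hypothetical, and the sample packet is constructed, using two addresses from this page's routing example.

```python
import ipaddress
import struct

def checksum(data):
    """One's-complement of the one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet):
    """Parse and validate an IPv4 header; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    hdr_len = ihl * 4                      # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"version is {version}, not 4")
    if ihl < 5 or hdr_len > len(packet):
        raise ValueError(f"IHL {ihl} is invalid or exceeds the buffer")
    if not hdr_len <= total_len <= len(packet):
        raise ValueError(f"Total Length {total_len} is inconsistent")
    if checksum(packet[:hdr_len]) != 0:    # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "ihl": ihl, "dscp": dscp_ecn >> 2, "ecn": dscp_ecn & 0x3,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:hdr_len],     # present only if IHL > 5
        "body": packet[hdr_len:total_len],
    }

def build_sample(body=b"hello"):
    """Constructed sample packet (not captured traffic): protocol 6, TTL 64."""
    fields = [0x45, 0, 20 + len(body), 0x1234, 0x4000, 64, 6, 0,
              ipaddress.IPv4Address("123.5.6.100").packed,
              ipaddress.IPv4Address("8.0.75.1").packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + body
```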


Highlights (see the RFCs for details):

IPv6 packets not only take advantage of 128-bit addresses, but the packets themselves are much simpler:

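     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Version| Traffic Class |              Flow Label               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Payload Length        |  Next Header  |   Hop Limit   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                                                               +
    |                                                               |
    +                       Source IP Address                       +
    |                                                               |
    +                                                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                                                               +
    |                                                               |
    +                    Destination IP Address                     +
    |                                                               |
    +                                                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  Additional headers (if any)                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             Body                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+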


Highlights (see the RFCs for details):

Routing

A router’s job is to send a packet to the next hop, by looking at the destination address.

Basic idea: if the destination address is on my network, send it directly. If not, send it to one of the routers. This is best understood by looking at an example and considering routing tables, which each host has.

[Figure: iproutingexample.png]

Informally the routing table for the router at the top of this diagram is:

    Destination Network   Next Hop
    25.17.128.0/18        Deliver Direct
    123.5.6.0/24          Deliver Direct
    15.2.5.16/28          123.5.6.1
    8.0.0.0/8             Deliver Direct
    192.169.1.0/24        8.0.75.1
    Anywhere else         8.0.1.1

In real life, routing tables don’t store slashes, they store...netmasks! Also, a single router has multiple interfaces. For now, let’s call our router’s interfaces eth0, eth1, and eth2. A more accurate routing table would be:

    Destination Network
    Base IP       Netmask           Interface   Next Hop
    25.17.128.0   255.255.192.0     eth0        Deliver Direct
    123.5.6.0     255.255.255.0     eth2        Deliver Direct
    15.2.5.16     255.255.255.240   eth2        123.5.6.1
    8.0.0.0       255.0.0.0         eth1        Deliver Direct
    192.169.1.0   255.255.255.0     eth1        8.0.75.1
    0.0.0.0       0.0.0.0           eth1        8.0.1.1

Here’s how it works:

Note how the last entry in that table (all zeros for base and netmask) works so beautifully.

Individual hosts have routing tables too. For example, the host 123.5.6.100 might have this table:

    Destination Network
    Base IP       Netmask           Interface   Next Hop
    127.0.0.0     255.0.0.0         local
    123.5.6.200   255.255.255.255   local
    123.5.6.0     255.255.255.0     eth0        Deliver Direct
    15.2.5.16     255.255.255.240   eth0        123.5.6.1
    0.0.0.0       0.0.0.0           eth0        123.5.6.3

We can simplify the table, really, leaving the 127/8 loopback address and the host’s own IP out of the table and have that logic wired into the software (or firmware). If we do that, we don’t need an entry for the interface, because all remaining entries would implicitly have the same router.

Exercise: What are the pros and cons of using a simplified table instead of the larger one?

Netmasks

Remember why we have a network part and a host part? It’s so we can identify which other hosts are on our local network, so we don’t have to send packets to a router. For example, if we’re the host 30.19.200.55/25, then what do we do with a packet addressed to 30.19.200.188? Is that host on our network or do we have to send the packet to a router?

To answer the question, we just have to figure out “do the initial 25 bits match?” How can we do this quickly? We can bitwise AND each address with 0xFFFFFF80 (the value with the first 25 bits of 1 and the rest 0) and see if we get the same result in both cases. Let’s see:

        30 .  19 . 200 .  55             30 .  19 . 200 . 188
  AND  255 . 255 . 255 . 128       AND  255 . 255 . 255 . 128
        30 .  19 . 200 .   0             30 .  19 . 200 . 128

The two results differ, so no, the hosts are not on the same network!
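
The netmask test above is also how the routing table in the Routing section is consulted: AND the destination with each entry's netmask and compare the result with the entry's base IP. The following added example (not from the original page) runs that lookup over the router's table; the function names are hypothetical, and choosing the matching entry with the longest netmask when several match is an assumption the page does not state.

```python
import ipaddress

def to_int(dotted):
    """32-bit integer value of a dotted-quad string."""
    return int(ipaddress.IPv4Address(dotted))

# Router table from the Routing section: (base IP, netmask, interface, next hop).
# A next hop of None stands for "Deliver Direct".
ROUTER_TABLE = [
    ("25.17.128.0", "255.255.192.0", "eth0", None),
    ("123.5.6.0", "255.255.255.0", "eth2", None),
    ("15.2.5.16", "255.255.255.240", "eth2", "123.5.6.1"),
    ("8.0.0.0", "255.0.0.0", "eth1", None),
    ("192.169.1.0", "255.255.255.0", "eth1", "8.0.75.1"),
    ("0.0.0.0", "0.0.0.0", "eth1", "8.0.1.1"),
]

def same_network(a, b, netmask):
    """True when a and b agree on every bit the netmask selects."""
    mask = to_int(netmask)
    return to_int(a) & mask == to_int(b) & mask

def validate(table):
    """Reject non-contiguous netmasks and base IPs with host bits set."""
    for base, netmask, _iface, _hop in table:
        host_bits = ~to_int(netmask) & 0xFFFFFFFF
        if host_bits & (host_bits + 1):        # must look like 0...01...1
            raise ValueError(f"non-contiguous netmask {netmask}")
        if to_int(base) & host_bits:
            raise ValueError(f"host bits set in {base} / {netmask}")

def lookup(table, dest):
    """Return (interface, next_hop) for dest, preferring the longest mask."""
    d, best = to_int(dest), None
    for base, netmask, iface, hop in table:
        mask = to_int(netmask)
        if d & mask == to_int(base) and (best is None or mask > best[0]):
            best = (mask, iface, hop)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]
```

The all-zeros entry matches every destination because `d & 0` is always 0, so it is chosen only when no more specific entry matches.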

As an aside, note that network professionals can intuitively move between slashes and netmasks, as they’ve memorized the following:

    CIDR   Netmask           Number of addresses
    /0     0.0.0.0           The whole Internet (meaningless)
    /1     128.0.0.0         Half the Internet
    /2     192.0.0.0         Quarter of the Internet
    /3     224.0.0.0         536870912
    /4     240.0.0.0         268435456
    /5     248.0.0.0         134217728
    /6     252.0.0.0         67108864
    /7     254.0.0.0         33554432
    /8     255.0.0.0         16777216
    /9     255.128.0.0       8388608
    /10    255.192.0.0       4194304
    /11    255.224.0.0       2097152
    /12    255.240.0.0       1048576
    /13    255.248.0.0       524288
    /14    255.252.0.0       262144
    /15    255.254.0.0       131072
    /16    255.255.0.0       65536
    /17    255.255.128.0     32768
    /18    255.255.192.0     16384
    /19    255.255.224.0     8192
    /20    255.255.240.0     4096
    /21    255.255.248.0     2048
    /22    255.255.252.0     1024
    /23    255.255.254.0     512
    /24    255.255.255.0     256
    /25    255.255.255.128   128
    /26    255.255.255.192   64
    /27    255.255.255.224   32
    /28    255.255.255.240   16
    /29    255.255.255.248   8
    /30    255.255.255.252   4 (only two real hosts)
    /31    255.255.255.254   2 (useless, since one addr is for net and other for broadcast)
    /32    255.255.255.255   1 (used to identify a single host! Cool, right?)

Related Protocols

ICMP

This is the Internet Control Message Protocol, used by routers to send informational messages and error messages. See Wikipedia for details.

BGP

This is the Border Gateway Protocol, used by routers to send reachability and other routing information to each other. See Wikipedia for details.

Summary

We’ve covered:

  • Characteristics of IP
  • IPv4 Addresses
  • IPv6 Addresses
  • Packet Formats
  • Routing
  • Related Protocols