Is OSPF TCP or UDP


13.3 The TCP / IP protocol family

After a few half-hearted attempts to actually implement the OSI reference model using specific protocols, it was finally noticed that the Internet protocols developed years earlier can be used excellently as a flexible, scalable and universal network protocol family. The rapid expansion of the Internet and its free availability ensured that these protocols are used more frequently than any other protocol stack today.



The internet protocol stack

First of all, Figure 13.1 shows a specific version of the TCP / IP protocol stack that was already presented in the previous chapter: on each layer, the specific protocols that operate there are listed. Most of these protocols are described in detail in the following sections; the network access protocols of the lowest layer have already been presented above. At the very bottom I have also given some examples of the hardware, even though it is not part of the actual TCP / IP stack.

The protocols of the network and transport layers are located between the hardware and the network access on the one hand and the application-oriented protocols on the other. Overall, all protocols that work together on the different levels of a layer model are referred to as a protocol stack or protocol family. However, the main focus of TCP / IP is on the middle two levels of the Internet protocol stack. On the one hand, you can use almost any network access, on the other hand, almost every serious network application has now been implemented for this protocol stack - apart from the classic Internet applications that were written for it anyway.

The protocols of the middle layers are responsible for ensuring that data can be reliably transmitted across different subnets or network segments or across networks that use different hardware or network access methods:

The protocols of the network layer regulate the addressing of the computers and the transmission of the data to the correct computer in the network. In addition, they ensure that data is forwarded to other subnets if necessary, i.e. they take on the so-called routing.
At the transport layer, the data is divided into packets and provided with information about which application on one host sends this data to which application on the other.

The term TCP / IP combines the names of the two most important components of the protocol stack: the Internet Protocol (IP) on the network layer and the Transmission Control Protocol, the most frequently used protocol on the transport layer. These protocols are presented in more detail in the next two sections, followed by the technical side of some important Internet application protocols.


13.3.1 IP addresses, datagrams and routing

The Internet Protocol (IP) works on the Internet or network layer of the Internet protocol stack. In this context, the Internet is any network that uses this protocol family. This illustrates the fact that the Internet protocols can be used to exchange data across multiple physical networks. Special computers that have at least two network interfaces forward the data between these networks. They are known as IP routers or gateways. In the narrower sense, a router is a computer that forwards data between two networks of the same physical type; a gateway, on the other hand, connects two physically different networks. As a rule, however, the two terms are used synonymously today.

Structure of the IP addresses

A classic type of IP address - the IPv4 version according to RFC 791 - is a 32-bit number. It is usually written in four decimal numbers between 0 and 255, separated by periods. However, the logic on which such an address is based is easier to understand if it is notated in binary:

A typical IP address would be, for example, 11000010000100010101000111000001; separated into 8-bit groups this gives 11000010 00010001 01010001 11000001, which is 194.17.81.193 in the usual notation.

Network access in TCP / IP networks

The lowest level of the Internet layer model is network access, not network hardware. This guarantees that the Internet protocols can be implemented on almost any hardware, and in fact this has happened: in all forms of LANs such as Ethernet or Token Ring, in WANs via dial-up and leased lines as well as via most forms of wireless networks - these protocols run everywhere. This is another good reason why the Internet's protocols became the standard for network communication.

Basically, the specification of the TCP / IP protocol does not even describe the network access in the OSI sense, but only the cooperation of the IP protocol, which takes care of addressing and routing within the Internet protocol stack, with various network access methods.

At this point only two of the most important Internet network access methods should be mentioned: the Address Resolution Protocol (ARP), used for access to Ethernet, and the Point-to-Point Protocol (PPP), which is used for serial connections via modem, ISDN or DSL. PPP has already been described in detail above; here are the most important things about ARP:

ARP

In short, the Address Resolution Protocol, described in RFC 826, converts the IP addresses assigned by the network administrator into the specified hardware addresses of the network interfaces.

Since the IP address is assigned to the individual hosts arbitrarily by the administrator, it cannot be known at the network access layer: on a given layer of a protocol stack, the control data of the higher layers are not evaluated but treated as ordinary user data. For this reason, for example, a network card or a hub cannot decide on the basis of the IP address for which station a data packet is intended; they do not even notice that address.

After the IP software on a host or router has determined from the recipient's IP address that the data is intended for its own network at all, the ARP process is started to convert this IP address into the MAC address of the receiving host. For this purpose, a computer that executes the ARP protocol (almost every computer that operates TCP / IP via Ethernet) sends a so-called broadcast data packet into the network. This is a data packet with a special recipient address that is delivered to all computers in the network. The computer that recognizes its own IP address in the content of this packet is the only one to respond to this request, and it sends back its own MAC address. In this way it is determined for which computer the data packet is intended.

In exceptional cases, a computer can also temporarily store the MAC addresses of other stations and respond as a substitute.
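The request/reply exchange described above, as an added example that is not part of the book: it encodes and decodes the ARP packet body for IPv4 over Ethernet as laid out in RFC 826, applies the rule that only the host owning the requested IP address answers, and keeps a small IP-to-MAC cache that reports when a known address is suddenly claimed by a different MAC (an address clash or a spoofed reply). All addresses in the sample exchange are constructed, and the function and class names are ours.

```python
# Added example (not from the book): ARP encoding/decoding per RFC 826 for
# IPv4 over Ethernet, the "only the owner answers" rule, and a cache that
# flags a changed IP-to-MAC mapping.
import struct

ARP_LAYOUT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ip_bytes(ip: str) -> bytes:
    return bytes(int(p) for p in ip.split("."))

def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """28-byte ARP body; htype 1 = Ethernet, ptype 0x0800 = IPv4, 6-byte MACs, 4-byte IPs."""
    return struct.pack(ARP_LAYOUT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))

def parse_arp(data: bytes) -> dict:
    if len(data) < struct.calcsize(ARP_LAYOUT):
        raise ValueError("ARP packet too short")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_LAYOUT, data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}

def answer_request(own_ip: str, own_mac: str, request: bytes):
    """A host answers only if the requested address is its own; otherwise it stays silent (None)."""
    req = parse_arp(request)
    if req["oper"] != ARP_REQUEST or req["target_ip"] != own_ip:
        return None
    return build_arp(ARP_REPLY, own_mac, own_ip, req["sender_mac"], req["sender_ip"])

class ArpCache:
    """IP -> MAC table. learn() returns a warning when an address that is already
    known is suddenly claimed by a different MAC, which is worth logging."""
    def __init__(self):
        self.table = {}

    def learn(self, ip: str, mac: str):
        old = self.table.get(ip)
        self.table[ip] = mac
        if old is not None and old != mac:
            return f"warning: {ip} changed from {old} to {mac}"
        return None

# Constructed sample exchange: host 192.168.0.5 asks for the MAC of 192.168.0.1.
REQUEST = build_arp(ARP_REQUEST, "00:11:22:33:44:55", "192.168.0.5",
                    "00:00:00:00:00:00", "192.168.0.1")
REPLY = answer_request("192.168.0.1", "aa:bb:cc:dd:ee:01", REQUEST)
```

The request is broadcast at the Ethernet level (the frame's destination MAC is ff:ff:ff:ff:ff:ff); the ARP body itself carries the requester's own MAC so that the owner can send its reply directly back.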

IP address classes

IP addresses consist of two components: the network part and the host part. The network part indicates the network in which the corresponding computer is located, while the host part identifies the individual computer within this network.

There are different types of IP addresses that differ from one another in terms of the length of the network or host part. Traditionally, the available addresses are divided into fixed classes; in the meantime, however, it has been found that this solution alone is too inflexible. For this reason, methods have been developed to dynamically separate the network and host parts. Nevertheless, the original fixed classes are presented first, because the public allocation of IP addresses to network operators is still based on the class logic.

The class to which an IP address belongs is shown by the bits that are furthest to the left:

Class A: The first bit is 0, so the first 8-bit group is between 0 and 127.
Class B: The first two bits are 10; the first group is in the range 128 to 191.
Class C: The first three bits are 110, so the first group is between 192 and 223.
Class D: The first four bits are 1110; the addresses start with 224 to 239.

The remaining addresses, which start with 240 to 255, have not been assigned and are reserved for future use.

Depending on the class, the part that characterizes the network is of different length, and accordingly there are different numbers of networks in the different classes. The bits that are on the far right of the address and do not belong to the network part are the host bits. Depending on the length of the network part, a different number of bits are left for the host part, so that the maximum number of computers in a network varies.


Class   Address range                   Network bits   Host bits   Number of networks   Addresses per network
A       0.0.0.0 to 127.255.255.255      8 (7)          24          128                  16.7 million
B       128.0.0.0 to 191.255.255.255    16 (14)        16          16,384               65,536
C       192.0.0.0 to 223.255.255.255    24 (21)        8           2,097,152            256
D       224.0.0.0 to 239.255.255.255    special range of multicast addresses

Table 13.3 gives an overview of the most important information about the individual classes. There are two values in the Network Bits column. The first is the number of bits that make up the total network part; since the boundaries between network and host part lie on byte boundaries, it is 1 to 3 bytes depending on the class. However, since the bits at the beginning of the address indicate the class, as shown above, the network information that can actually be used consists of only 7, 14 or 21 bits. The rest of the address forms the host part, which varies in size depending on the class.

Network and broadcast address

Within a single network - regardless of the class - the first and last possible addresses are not available as host addresses: The lowest address identifies the entire network as such to the outside world, but not a specific host; the highest address is the so-called broadcast address: If data packets are sent to this address within the network, they are received by every host.

For example, the addresses that begin with 18.x.x.x make up the class A network 18.0.0.0 with the broadcast address 18.255.255.255 and host addresses from 18.0.0.1 to 18.255.255.254. This network can theoretically accommodate up to 16,777,214 hosts (2^24 − 2).

The addresses starting with 162.21.x.x are on the class B network 162.21.0.0, whose broadcast address is 162.21.255.255. Up to 65,534 hosts (2^16 − 2) with the addresses 162.21.0.1 to 162.21.255.254 fit into it.

Last example: addresses that begin with 201.30.9.x are in the class C network 201.30.9.0 with the broadcast address 201.30.9.255; the 254 possible host addresses (2^8 − 2) are 201.30.9.1 to 201.30.9.254.
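The classful arithmetic of this section, as an added example that is not from the book: the code writes an address in 8-bit binary groups, reads the class off the leading bits exactly as listed above, and derives network address, broadcast address and usable host range for classes A to C. Function names are ours; the sample addresses are those of the text.

```python
# Added example (not from the book): classful analysis of an IPv4 address.

def to_int(addr: str) -> int:
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {addr}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def binary_groups(addr: str) -> str:
    """'194.17.81.193' -> '11000010 00010001 01010001 11000001'."""
    bits = f"{to_int(addr):032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def address_class(addr: str) -> str:
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    top = to_int(addr) >> 28            # the four leading bits of the address
    if (top & 0b1000) == 0:
        return "A"
    if (top & 0b1100) == 0b1000:
        return "B"
    if (top & 0b1110) == 0b1100:
        return "C"
    if top == 0b1110:
        return "D"
    return "E"

CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}

def classful_info(addr: str) -> dict:
    """Network, broadcast and host range of the classful network containing addr."""
    cls = address_class(addr)
    if cls not in CLASS_NETWORK_BITS:
        # multicast (D) or reserved (E): there is no network/host split
        return {"class": cls, "network": None}
    net_bits = CLASS_NETWORK_BITS[cls]
    host_bits = 32 - net_bits
    host_mask = (1 << host_bits) - 1
    network = to_int(addr) & ~host_mask & 0xFFFFFFFF   # host bits cleared
    broadcast = network | host_mask                     # host bits all ones
    return {
        "class": cls,
        "network_bits": net_bits,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "usable_hosts": (1 << host_bits) - 2,           # minus network and broadcast address
    }
```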

Multicasting

The so-called multicast addresses of pseudo-class D have a special position: A multicast group is a group of hosts that are distributed over any network and share the same multicast IP address. This enables data to be sent much more economically, since they are no longer sent once per receiving host, but only have to be copied where receiving computers are located in different subnetworks. For this reason, multicasting is a promising technology for data-intensive applications such as video conferencing. In contrast, the individual host addresses are called unicast addresses.

The distribution of the IP addresses

All addresses in the IPv4 address space are administered by the Internet Assigned Numbers Authority (IANA). However, if you need one or more fixed IP addresses for certain applications in your company, you should usually contact an Internet provider and not the IANA itself.

Availability by class

The 128 class A networks have all been assigned; usually to large international electronics and computer companies, as well as US government, military, and educational institutions. For example, the network 17.0.0.0 belongs to Apple, 18.0.0.0 to the Massachusetts Institute of Technology (MIT) and 19.0.0.0 to the Ford Motor Company.

The 16,384 class B networks are also largely assigned, in particular to US companies and Internet providers.

Most of the more than two million class C networks are now also in use. Most of them belong to companies and ISPs that are not based in the United States but in Europe or Asia, for example. Since such institutions often operate more than 254 hosts in their network, they are often assigned a larger block of consecutive class C networks.

You can view the current distribution of IPv4 addresses directly on the IANA website at http://www.iana.org/assignments/ipv4-address-space.

Special addresses

When the concept of IP addresses came into being, nobody could even begin to guess what dimensions the Internet would one day assume. Therefore, the original developers believed that they could afford to divide the address space relatively generously: consider, for example, that half of the address space is wasted on the extremely ineffective Class A addresses. In order to prevent the threatened shortage of IP addresses or at least to delay it until an alternative was found, some address ranges have been released for use in private networks that are not connected to the Internet. These are the following blocks:

The class A network 10.0.0.0
The 16 class B networks 172.16.0.0 to 172.31.0.0
The 256 class C networks 192.168.0.0 to 192.168.255.0

Another block that was only released later is the class B network 169.254.0.0, which is reserved for a special purpose: modern TCP / IP implementations in almost all operating systems use this network for "link local" addressing, a way for hosts to assign themselves IP addresses automatically if, contrary to expectations, no connection can be established to a DHCP server, which would normally be responsible for the automatic assignment of addresses.


Attention! In the literature on TCP / IP it is repeatedly claimed that the private address ranges are not forwarded by routers, as if public Internet routers were automatically configured, or simply unable, to forward data with such addresses. But no matter how often you read this formulation and how serious the respective source may otherwise be, it is not true. Routers are quite capable of forwarding data packets from and to such addresses. Of course, this cannot be used sensibly, because the addresses are not unique but by definition can be assigned any number of times worldwide. The problem is rather a security risk: data packets with such source addresses could, purely by chance, match addresses in your own network, and a potential attacker can deliberately choose a particularly frequently used range such as the class C network 192.168.0.0 to make packets look as if they came from the local network. You should therefore configure a packet-filter firewall so that it automatically discards these packets at the boundaries of your local network.

Last but not least, there are some networks with other special meanings:

The address 0.0.0.0 can be used within a network to refer to the current network itself.
The class A network 127.0.0.0 houses the so-called loopback area: A host can operate network communication with itself via the loopback interface, a virtual network interface with the address 127.0.0.1. This is useful, for example, to have both the client and the server program run on the local host while programming client-server applications.
Finally, the address 255.255.255.255 is used as a universal broadcast address: a data packet sent to this address is received by all hosts in the network, as with normal broadcast. This facility is useful for interfaces that obtain their IP address dynamically, as they usually do not even know which network they are actually in when they are put into operation. In this way, they are given the opportunity to request the allocation of an address in the first place.

The allocation of private address ranges is regulated in RFC 1918; the definition of the other special address ranges can be found in RFC 3330.
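The boundary filter recommended in the warning above, as an added example that is not from the book. It classifies an address against the RFC 1918 private ranges and the special ranges just listed (link-local, loopback, "this network", limited broadcast) and returns a drop reason for a packet arriving from outside with such a source address or with a source address that claims to belong to the local network; in the outbound direction it drops packets to such destinations and packets whose source is not one of the local network's own addresses. The sample packets, the local network 203.0.113.0/24 and the function names are constructed for the example.

```python
# Added example (not from the book): packet-filter decisions at the network
# boundary for the private and special address ranges described in the text.
import ipaddress
from typing import Optional

SPECIAL_SOURCE_RANGES = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "link-local": ["169.254.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "this network": ["0.0.0.0/8"],
    "limited broadcast": ["255.255.255.255/32"],
}
_COMPILED = {reason: [ipaddress.ip_network(n) for n in nets]
             for reason, nets in SPECIAL_SOURCE_RANGES.items()}

def special_range(ip: str) -> Optional[str]:
    """Name of the special range containing ip, or None for an ordinary public address."""
    addr = ipaddress.ip_address(ip)
    for reason, nets in _COMPILED.items():
        if any(addr in n for n in nets):
            return reason
    return None

def boundary_verdict(direction: str, src: str, dst: str, local_net: str) -> Optional[str]:
    """Drop reason for a packet crossing the boundary, or None to accept.
    direction is "in" (arriving from outside) or "out" (leaving the local network)."""
    local = ipaddress.ip_network(local_net)
    if direction == "in":
        reason = special_range(src)
        if reason:
            return f"drop: source {src} is in a {reason} range"
        if ipaddress.ip_address(src) in local:
            return f"drop: source {src} claims to be inside {local_net}"
    elif direction == "out":
        reason = special_range(dst)
        if reason:
            return f"drop: destination {dst} is in a {reason} range"
        if ipaddress.ip_address(src) not in local:
            return f"drop: source {src} is not one of our addresses"
    else:
        raise ValueError("direction must be 'in' or 'out'")
    return None

# Constructed sample traffic: (direction, source, destination).
SAMPLE_PACKETS = [
    ("in", "192.168.0.5", "203.0.113.10"),     # private source arriving from outside
    ("in", "203.0.113.99", "203.0.113.10"),    # outside packet pretending to be local
    ("in", "198.51.100.7", "203.0.113.10"),    # ordinary public source
    ("out", "203.0.113.10", "10.1.2.3"),       # private destination leaving the network
    ("out", "203.0.113.10", "198.51.100.7"),   # ordinary outbound packet
]

def filter_all(packets=SAMPLE_PACKETS, local_net="203.0.113.0/24"):
    """Apply the verdict to every sample packet; None means the packet is accepted."""
    return [(pkt, boundary_verdict(*pkt, local_net)) for pkt in packets]
```

The rule set corresponds to the text: 172.16.0.0/12 covers exactly the sixteen class B networks 172.16.0.0 to 172.31.0.0, and 192.168.0.0/16 the 256 class C networks 192.168.0.0 to 192.168.255.0.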

Supernetting, Subnetting and CIDR

In the recent history of the development of the Internet, it has been found that the traditional address classes are not flexible enough for all areas of application. A new scheme was therefore developed that enables the dividing line between the network and host parts of the addresses at any bit boundary. The procedure described in RFC 1519 is called Classless Inter-Domain Routing (CIDR).

The following two application examples illustrate typical problems with the old class logic that can be solved with the help of CIDR:

A company owns the class B network 139.17.0.0. However, it would be desirable if the company's four different branches could each operate independent networks. For this purpose, the existing network is to be divided into four parts - a case for so-called subnetting.
A recently founded European Internet provider has received the 1,024 class C networks 203.16.0.0 to 203.19.255.0. The company wants to manage these networks as one large network, as this considerably simplifies the dynamic allocation to customers when dialing in. Such a combination of networks is called supernetting.

How CIDR works

The principle of CIDR is that the traditional byte boundaries between network and host part are eliminated entirely. For this reason, the size of a network in CIDR can no longer be recognized from the beginning of the address. Instead, the number of bits that make up the network part of the address is noted after the network address, separated by a slash. For example, the class A network 14.0.0.0 becomes 14.0.0.0/8.

An alternative way of representing the boundary between network and host part in CIDR addresses, used in particular in the IP configuration of most operating systems, is the subnet mask. In this mask, ones are written for the bits of the network part at the beginning of the address and zeros for the bits of the host part at the end. Just like the IP address itself, the subnet mask is written as four decimal 8-bit blocks.

Table 13.4 shows examples of the notation of the original class-based addresses according to CIDR logic and their subnet masks.


Class   Sample network   CIDR address        Subnet mask
A       17.0.0.0         17.0.0.0/8          255.0.0.0
B       167.18.0.0       167.18.0.0/16       255.255.0.0
C       195.21.92.0      195.21.92.0/24      255.255.255.0

The subnetting from the first example, the subdivision of the network 139.17.0.0/16 into four equal subnets, can be carried out as follows:

Since the 65,536 arithmetically possible addresses are to be divided into four parts, two more bits are required for the network part of the address (4 = 2^2).
Since the original class B network has a 16-bit (two-byte) network part, the four address ranges are divided after bit 18, i.e. after the second bit of the third byte; the four new networks are accordingly 139.17.0.0/18, 139.17.64.0/18, 139.17.128.0/18 and 139.17.192.0/18.

Table 13.5 shows the properties of the four new networks.


Network           First host address   Last host address   Broadcast address   Subnet mask
139.17.0.0/18     139.17.0.1           139.17.63.254       139.17.63.255       255.255.192.0
139.17.64.0/18    139.17.64.1          139.17.127.254      139.17.127.255      255.255.192.0
139.17.128.0/18   139.17.128.1         139.17.191.254      139.17.191.255      255.255.192.0
139.17.192.0/18   139.17.192.1         139.17.255.254      139.17.255.255      255.255.192.0

The second example is about supernetting, i.e. the combination of individual networks into a larger overall network. The networks 203.16.0.0/24 to 203.19.255.0/24 are to be combined into a single network. This task can be solved as follows:

1,024 class C networks are to be combined with one another. 256 class C networks would simply result in an overall network the size of a class B network; for example, merging the networks 203.16.0.0/24 to 203.16.255.0/24 would result in the new network 203.16.0.0/16. In order to obtain the desired network of four times that size, the boundary between network and host part must be shifted two bits further to the left.
The address is therefore divided two bits to the left of the class B boundary, i.e. before the penultimate bit of the second byte. This results in the network address 203.16.0.0/14 with the subnet mask 255.252.0.0.

IP address space conversion

In general, it is advisable to first convert the subnet mask of the original network, which is to be divided or connected to several, into the binary representation. This notation makes it easiest to shift the boundary between the network and host parts by the desired number of bits to the left or to the right. You can then subdivide the mask into the four usual 8-bit groups and convert them into decimal numbers.

This procedure is to be demonstrated in the following with two new examples.

The class B network 146.20.0.0/16 is to be divided into eight subnets:

The original netmask is 255.255.0.0.
In binary representation this corresponds to 11111111 11111111 00000000 00000000.
A division into eight networks is achieved by shifting the boundary between the two address parts three places (8 = 2^3) to the right.
The new netmask in binary notation is 11111111 11111111 11100000 00000000.
After recalculating into the decimal group of four representation, the result is 255.255.224.0.
The following eight networks result accordingly:
146.20.0.0/19, 146.20.32.0/19, 146.20.64.0/19, 146.20.96.0/19, 146.20.128.0/19, 146.20.160.0/19, 146.20.192.0/19 and 146.20.224.0/19.

The four class C networks 190.16.0.0/24 to 190.16.3.0/24 are to be connected to a common network:

The subnet mask of each of the four networks is 255.255.255.0.
Written in binary, this results in 11111111 11111111 11111111 00000000.
The combination of four such networks requires the address boundary to be shifted two bits (4 = 2^2) to the left.
In binary representation, the new mask is 11111111 11111111 11111100 00000000.
If this mask is converted back into decimal notation, the result is 255.255.252.0.
The new network has the CIDR address 190.16.0.0/22.
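The subnetting and supernetting procedure of the last few pages, carried out in code as an added example that is not from the book. Masks are handled as 32-bit integers so that the boundary between network and host part can be shifted by any number of bits, and the supernetting function checks that the networks handed to it really are contiguous and aligned before it merges them (otherwise a single prefix would cover addresses that were never assigned). Function names are ours; the networks are those of the text's examples.

```python
# Added example (not from the book): CIDR subnetting and supernetting with
# bit arithmetic on 32-bit integers.

def to_int(addr: str) -> int:
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {addr}")
    return int.from_bytes(bytes(parts), "big")

def to_dotted(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def prefix_to_mask(prefix: int) -> int:
    """/14 -> 0xFFFC0000 (ones for the network bits, zeros for the host bits)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """'255.252.0.0' -> 14; rejects masks whose ones are not contiguous."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def mask_binary(prefix: int) -> str:
    """Binary form in 8-bit groups, e.g. /19 -> '11111111 11111111 11100000 00000000'."""
    bits = f"{prefix_to_mask(prefix):032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def usable_hosts(prefix: int) -> int:
    """Addresses minus network and broadcast address (the 'Number of hosts' column)."""
    return (1 << (32 - prefix)) - 2

def subnet_count(old_prefix: int, new_prefix: int) -> int:
    """How many /new_prefix networks fit into one /old_prefix network."""
    return 1 << (new_prefix - old_prefix)

def split_cidr(cidr: str):
    base, prefix = cidr.split("/")
    prefix = int(prefix)
    return to_int(base) & prefix_to_mask(prefix), prefix

def subnet(network: str, parts: int) -> list:
    """Divide a network into `parts` equal subnets; parts must be a power of two."""
    extra_bits = parts.bit_length() - 1
    if parts < 1 or (1 << extra_bits) != parts:
        raise ValueError("number of subnets must be a power of two")
    net, prefix = split_cidr(network)
    new_prefix = prefix + extra_bits
    if new_prefix > 30:
        raise ValueError("subnets would have no usable host addresses")
    size = 1 << (32 - new_prefix)
    return [f"{to_dotted(net + i * size)}/{new_prefix}" for i in range(parts)]

def supernet(networks: list) -> str:
    """Combine contiguous, aligned networks into the one prefix that covers exactly them."""
    if not networks:
        raise ValueError("no networks given")
    blocks = sorted(split_cidr(n) for n in networks)
    for (a, pa), (b, _) in zip(blocks, blocks[1:]):      # no gaps, no overlaps
        if a + (1 << (32 - pa)) != b:
            raise ValueError("networks are not contiguous")
    first = blocks[0][0]
    total = sum(1 << (32 - p) for _, p in blocks)
    prefix = 32 - (total.bit_length() - 1)
    if (1 << (32 - prefix)) != total or first & prefix_to_mask(prefix) != first:
        raise ValueError("networks do not form one aligned block")
    return f"{to_dotted(first)}/{prefix}"
```

The alignment check in supernet() is what makes 203.16.0.0/24 to 203.19.255.0/24 mergeable into 203.16.0.0/14, while for example the 1,024 networks starting at 203.17.0.0 would not be, because 203.17.0.0 does not lie on a /14 boundary.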

The following tables show how the old IP address classes can be divided into different numbers of subnets. Class A is dealt with in Table 13.6. The grouping of several class A networks by supernetting, which is possible purely computationally, is not carried out in practice because, firstly, nobody wants to operate more than 16.7 million hosts in one subnet and, secondly, all class A networks have already been assigned to individual operators.


Network bits   Host bits   Number of subnets   Number of hosts   Subnet mask
8              24          1                   16,777,214        255.0.0.0
9              23          2                   8,388,606         255.128.0.0
10             22          4                   4,194,302         255.192.0.0
11             21          8                   2,097,150         255.224.0.0
12             20          16                  1,048,574         255.240.0.0
13             19          32                  524,286           255.248.0.0
14             18          64                  262,142           255.252.0.0
15             17          128                 131,070           255.254.0.0
16             16          256                 65,534            255.255.0.0
17             15          512                 32,766            255.255.128.0
18             14          1,024               16,382            255.255.192.0
19             13          2,048               8,190             255.255.224.0
20             12          4,096               4,094             255.255.240.0
21             11          8,192               2,046             255.255.248.0
22             10          16,384              1,022             255.255.252.0
23             9           32,768              510               255.255.254.0
24             8           65,536              254               255.255.255.0
25             7           131,072             126               255.255.255.128
26             6           262,144             62                255.255.255.192
27             5           524,288             30                255.255.255.224
28             4           1,048,576           14                255.255.255.240
29             3           2,097,152           6                 255.255.255.248
30             2           4,194,304           2                 255.255.255.252

Table 13.7 shows the division of a class B network into subnetworks of any size.


Network bits   Host bits   Number of subnets   Number of hosts   Subnet mask
16             16          1                   65,534            255.255.0.0
17             15          2                   32,766            255.255.128.0
18             14          4                   16,382            255.255.192.0
19             13          8                   8,190             255.255.224.0
20             12          16                  4,094             255.255.240.0
21             11          32                  2,046             255.255.248.0
22             10          64                  1,022             255.255.252.0
23             9           128                 510               255.255.254.0
24             8           256                 254               255.255.255.0
25             7           512                 126               255.255.255.128
26             6           1,024               62                255.255.255.192
27             5           2,048               30                255.255.255.224
28             4           4,096               14                255.255.255.240
29             3           8,192               6                 255.255.255.248
30             2           16,384              2                 255.255.255.252

Finally, Table 13.8 shows how a class C network is subdivided. In smaller companies, it can be useful to divide even such a small network further.


Network bits   Host bits   Number of subnets   Number of hosts   Subnet mask
24             8           1                   254               255.255.255.0
25             7           2                   126               255.255.255.128
26             6           4                   62                255.255.255.192
27             5           8                   30                255.255.255.224
28             4           16                  14                255.255.255.240
29             3           32                  6                 255.255.255.248
30             2           64                  2                 255.255.255.252

In practice, CIDR already enables a considerably more flexible network structure than using the old classes. But even this procedure can still lead to unfavorable results if subnetworks with considerably different sizes are required: The largest subnetwork required determines the size of all others; even the smallest occupies a lot of addresses that it may never need.

For this reason the VLSM concept (Variable Length Subnet Mask) was introduced. It is a special subnetting process in which a given network is no longer divided into subnetworks of the same size but into differently sized subnetworks. Each of these subnets is assigned an individual subnet mask.

VLSM functionality

The basic principle of VLSM is to start from the smallest subnetwork required and to form the larger networks from blocks of such smallest subnetworks, which are then given shorter subnet masks. Suppose, for example, that a class B network with its 65,534 host addresses is to be divided up, the smallest desired subnet has 12 hosts and the largest about 500. For the 12 hosts, at least one network with the subnet mask 255.255.255.240, which offers 14 host addresses, is required. Correspondingly larger subnetworks can then be built from these small subnetworks, whereby the boundaries between the networks must follow the logic of the respective network mask.

A simple example should suffice at this point: A company operates the public class C network 196.17.41.0/24. This network is to be divided between the three departments of the company; the two routers and the three servers are to form a fourth separate subnet. Table 13.9 shows the classic division of the network into four equal parts according to the CIDR logic.


Area              Number of hosts   Subnet              Maximum hosts   Free addresses
Server / router   5                 196.17.41.0/26      62              57
Administration    20                196.17.41.64/26     62              42
Programming       61                196.17.41.128/26    62              1
Design            30                196.17.41.192/26    62              32

It is easy to see that two of the subnets, server / router and administration, are completely oversized, while at least the subnet of the programming department has almost reached its load limit. Imagine two more hosts are added to this department: the subnet would already be too small and a different distribution would have to be considered. In this example it could just consist of merging two of the other areas to increase the programming area.

A more complex, but more sensible division of the network with the help of VLSM technology is shown in Table 13.10.


Area              Number of hosts   Subnet              Maximum hosts   Free addresses
Server / router   5                 196.17.41.0/27      30              25
Administration    20                196.17.41.32/27     30              10
Design            30                196.17.41.64/26     62              32
Programming       61                196.17.41.128/25    126             65

For the IP configuration of an individual host, it makes no difference whether the subnet in which it is located was configured according to the old class logic, the CIDR method or the VLSM method: in each case, the correct subnet mask is simply entered in the configuration dialog of the respective operating system. Only the routers used in the network concerned require special support for VLSM. Most newer routing protocols offer this support.

The transmission of IP datagrams

On the network layer of the TCP / IP protocol stack, on which the IP protocol works, the data packets are referred to as datagrams. In order to explain the data transmission with the help of the IP protocol in detail, the IP header should first be introduced at this point. It contains the control data that the IP protocol adds to a data packet that is transferred to it by the higher-level transport protocol.

Like the entire protocol, the IPv4 protocol header is defined in RFC 791. Its length is at least 20 bytes, with options of up to 40 bytes. Table 13.11 shows the exact structure.


Byte   0                     1                   2                      3
0      Version | IHL         Type of Service     Total packet length
4      Identification                            Flags | Fragment offset
8      Time to Live          Protocol            Header checksum
12     Source address
16     Destination address
20     Options                                                          Padding
...    possibly further options

The individual data of the IP header are as follows:

Version (4 bits): the version number of the IP protocol that the packet uses; with IPv4, as the name suggests, 4.
IHL (4 bits): Internet Header Length; the length of the IP header in 32-bit words (the rows of the table above). The smallest possible value is 5.
Type of Service (8 bits): a code that characterizes the type of data packet. Certain types of packets, for example for the exchange of routing or status information, are forwarded preferentially by some networks. In its 1999 April Fool's joke, the computer magazine c’t offered an alleged tool for download that could manipulate this quality-of-service information in order to increase the speed of Internet connections.
Total packet length (16 bits): the total length of the datagram in bytes, header and user data together.
Identification (16 bits): an identification value freely chosen by the sender, which enables, for example, the reassembly of fragmented datagrams.
Flags (3 bits): control flags that regulate packet fragmentation. The first bit is reserved and must always be 0; the second (DF, "don't fragment") specifies whether the packet must not be fragmented (value 1) or may be (0); the third (MF, "more fragments") indicates whether this packet is the last fragment (0) or whether further fragments follow (1).
Fragment offset (13 bits): this value (specified in 64-bit blocks) gives the position within the overall packet at which this packet belongs if it is a fragment. The first fragment or a non-fragmented packet has the value 0.
Time to Live (8 bits): the TTL mechanism ensures that datagrams are not forwarded endlessly on the Internet if the receiving station cannot be found. Every router that forwards a datagram subtracts 1 from this value; if the value reaches 0, the router in question does not forward the packet but discards it.
Protocol (8 bits): the number stored here specifies the transport protocol for which the content of the datagram is intended. The two most important transport protocols, TCP and UDP, are described in the next section.
Header checksum (16 bits): the checksum provides a simple plausibility check for the datagram header. A packet with an incorrect header checksum is not accepted and must be sent again.
Source address and destination address (32 bits each): the IP addresses of the sender and recipient. IP addresses have been covered in detail above.
Options (variable length): most IP datagrams are sent without additional options, since the sending and receiving host and all routers along the way must support the options used. The available options include security features and special streaming functions.
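The header layout of Table 13.11, built and parsed with the Python standard library as an added example that is not from the book. The parser validates version and IHL before trusting the rest of the packet, verifies the one's-complement header checksum of RFC 791, decodes the DF and MF flags and the fragment offset in 8-byte units, and a small forwarding function shows what a router does with the TTL (decrement and recompute the checksum, or discard the packet). Addresses and field values in the sample packets are constructed; function names are ours.

```python
# Added example (not from the book): IPv4 header construction, validation and
# TTL handling as described in the field list above.
import struct

HEADER_LAYOUT = "!BBHHHBBH4s4s"      # the fixed 20-byte part of the header
FLAG_DF, FLAG_MF = 0x2, 0x1         # bit values inside the 3-bit flags field

def header_checksum(header: bytes) -> int:
    """RFC 791: one's complement of the one's-complement sum of all 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                               # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_header(src, dst, payload_len, protocol, ident=0, df=False, mf=False,
                 frag_offset=0, ttl=64, tos=0, options=b"") -> bytes:
    options += b"\x00" * (-len(options) % 4)          # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    flags = (FLAG_DF if df else 0) | (FLAG_MF if mf else 0)
    fields = [(4 << 4) | ihl, tos, ihl * 4 + payload_len, ident,
              (flags << 13) | frag_offset, ttl, protocol, 0,
              bytes(int(p) for p in src.split(".")), bytes(int(p) for p in dst.split("."))]
    draft = struct.pack(HEADER_LAYOUT, *fields) + options
    fields[7] = header_checksum(draft)               # computed with the checksum field zeroed
    return struct.pack(HEADER_LAYOUT, *fields) + options

def parse_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack(HEADER_LAYOUT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0xF
    if version != 4 or ihl < 5:
        raise ValueError(f"not a valid IPv4 header (version {version}, IHL {ihl})")
    header_len = ihl * 4
    if len(packet) < header_len or total_len < header_len:
        raise ValueError("truncated header or inconsistent total length")
    return {
        "version": version, "header_len": header_len, "tos": tos,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_frag & (FLAG_DF << 13)), "mf": bool(flags_frag & (FLAG_MF << 13)),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,   # the field counts 64-bit blocks
        "ttl": ttl, "protocol": protocol,
        # summing a valid header including its checksum field yields zero
        "checksum_ok": header_checksum(packet[:header_len]) == 0,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:header_len],
    }

def forward(packet: bytes):
    """What a router does with the TTL: decrement and fix the checksum, or discard (None)."""
    info = parse_header(packet)
    if not info["checksum_ok"] or info["ttl"] <= 1:   # would reach 0: discard
        return None
    out = bytearray(packet)
    out[8] -= 1                                       # TTL is byte 8 of the header
    out[10:12] = b"\x00\x00"
    out[10:12] = header_checksum(bytes(out[:info["header_len"]])).to_bytes(2, "big")
    return bytes(out)

# Constructed sample: header of a UDP datagram (protocol 17) with 8 bytes of payload, DF set.
SAMPLE = build_header("192.168.1.10", "192.168.1.1", payload_len=8, protocol=17,
                      ident=0x1234, df=True)
```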

Packet fragmentation

The problem of packet fragmentation arises from the fact that different physical network types allow different maximum lengths for data packets. This value, which is referred to as the Maximum Transmission Unit (MTU), can be configured by software for some network interfaces; for others, it is specified by the manufacturer. If datagrams from one network with a certain MTU are forwarded to another network with a smaller MTU, then the data must be "repacked" into smaller packets. As described above, they are provided with fragmentation information so that they can be reassembled correctly later.

As long as the source and destination address are in the same network, the transmission of the datagrams is very simple: depending on the network type, the interface for which the data is intended is determined in the appropriate way (with Ethernet, for example, via ARP). The datagram is then sent to the correct recipient. The recipient reads the IP header of the packet, reassembles any fragments correctly and hands the packet to the transport protocol whose number is specified in the header. How the transport service handles the data is described in the next section.

IP routing

It becomes more complicated, but also more interesting, when the data is not intended for a host in the local network, but for another network. In this case, the packet has to be passed on to a router, which forwards it. Most of the data that is transmitted on the Internet passes through a large number of such routers before it finally reaches its destination. To understand the concept of IP routing, you need to look at several aspects. In particular, the question of how the correct recipient network can be found in the first place is important.

Default gateway and "normal" router

Two different types of routers can usually be specified for a single host: on the one hand, a router that forwards data to a specific external network, and on the other hand the standard router (usually called the "default gateway"), which receives all data that is intended neither for the local network nor for a network with a special router.

With a private PC connected to the Internet via a dial-up line, there is usually only one connection to a single router. Which one this is, however, is determined when dialing into the provider's network, since the IP address is also assigned dynamically with each dial-in. Depending on which address is assigned to the host, another router may be responsible. For this reason, the router is not permanently specified in the IP configuration of the dial-up network access, but communicated via the dial-in protocol (usually PPP).

The situation is often different with workstations in companies that are connected to a local network: All network communication, both with the local network and with the Internet, takes place via one and the same LAN interface, usually via Ethernet. Within the LAN, the router has a known IP address for the connection to the Internet, which is specified during the IP configuration of the host. Sometimes the network infrastructure of a larger company also consists of several individual networks that are networked with one another via internal routers. In such a case, the router that leads to the other local network is often specified as the router for this specific network, while the Internet router (whose target network is "all other networks") is set up as the standard router. For this latter case - which is relatively interesting from a routing point of view - you can see an example here:

Routing example

In a company there are two local networks 196.87.98.0/24 and 196.87.99.0/24. The first network is used by the graphics department, the second by the software developers. Figure 13.2 shows the structure of this network.

The graphics department network contains the following three computers:

zeus (196.87.98.3)
aphrodite (196.87.98.4)
hermes (196.87.98.5)

The network of the development department includes the following three hosts:

newton (196.87.99.7)
curie (196.87.99.8)
einstein (196.87.99.9)


A router is located between the two local networks. Its interface in the graphics department's network has the IP address 196.87.98.1. Its other interface for the development department was assigned the address 196.87.99.2. A second router connects the development department to the Internet. Its local interface was configured with the IP address 196.87.99.1; the Internet provider assigns the address for the Internet interface dynamically.

The routing configuration of the individual hosts is now interesting. The three computers in the developer network know two different routers: the standard router is 196.87.99.1, and 196.87.99.2 is specified as the special router for data packets to the network 196.87.98.0. In contrast, the three hosts in the graphics network know only one router, namely 196.87.98.1, which is set up as the standard router. That router must decide for itself whether the data packets it receives are intended for the 196.87.99.0 network or for the Internet; the computers simply send it all datagrams that are not intended for the local network.

Suppose "aphrodite" wants to access data provided by "newton". The data is obviously not intended for the 196.87.98.0 network, so it is passed to the router 196.87.98.1. The router recognizes that it is intended for the network 196.87.99.0, to which it is directly connected, and can deliver it directly to the target host.

If, on the other hand, "zeus" wants to access data from the Internet, for example the website http://www.heise.de, the standard router of the graphics network must recognize that the data is not intended for the other network to which it is itself connected, and pass it on to the next router, the Internet router 196.87.99.1.

The situation is a little different when a computer from the developer network such as "curie" wants to access "zeus". The routing configuration of "curie" already specifies that a particular router, namely 196.87.99.2, is to be used for this network. "einstein", for example, likewise knows that the Internet is reached via the router 196.87.99.1.

Routing tables

So that a host knows where it actually has to send data packets in order to reach a certain network, the individual routers must be specified in its network configuration - this works differently depending on the operating system; the concrete procedure is described in the next chapter. The result of this configuration is a routing table, which also looks different depending on the system. Assume that all computers in the example network shown above were running on UNIX (the graphics computers on Mac OS X, the developer computers on Linux). Then the routing table of "curie", which can be displayed by the UNIX command netstat -rn, would look like this:

$ netstat -rn
Routing Tables
Destination     Gateway         Flags   Refcnt  Use     Interface
127.0.0.1       127.0.0.1       UH      1       132     lo0
196.87.99.0     196.87.99.8     U       26      49041   le0
196.87.98.0     196.87.99.2     UG      0       0       le0
default         196.87.99.1     UG      0       0       le0

The first line (destination address 127.0.0.1) describes how to reach the loopback address: The interface (network interface) is »lo0« (local loopback). The "H" flag indicates that this is a route to reach a single host. The "U" flag, on the other hand, stands for "Up" and means that the route is currently intact.

The next line specifies the local network in which "curie" is located; for a directly connected network the host's own IP address (here that of "curie") is entered as the gateway, since no router is needed. The interface "le0" is the first (and in this case only) Ethernet interface of the computer. (The interface name and the column layout are those of the classic BSD or Solaris netstat; on Linux the first Ethernet interface is traditionally called eth0 and netstat -rn prints a different set of columns, but the meaning of the entries is the same.)

The third line describes the route into the graphics network via the router, whose address in the developer network is 196.87.99.2. The "G" flag stands for gateway, ie for the fact that the services of a router are used for this route.

Finally, in the last line, 196.87.99.1 is specified as the default gateway, that is, as the router for all destinations that do not appear explicitly in the routing table.

The »hermes« routing table looks simpler:

Routing Tables
Destination     Gateway         Flags   Refcnt  Use     Interface
127.0.0.1       127.0.0.1       UH      1       132     lo0
196.87.98.0     196.87.98.5     U       26      49041   le0
default         196.87.98.1     UG      0       0       le0

Since the graphics network only knows one router, there is only the loopback entry, the information for the local network and finally the default entry for all other networks.
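To make the routing decisions of this example concrete, here is an added Python model (not code from the book). It builds the routing tables of the six hosts from the netstat output above, adds assumed tables for the two routers (the book does not print them; the Internet router in particular needs a return route to the graphics network via 196.87.99.2, or replies to "zeus" would be dropped), performs the longest-prefix lookup that every host and router does for each datagram, and follows a datagram hop by hop for the three cases discussed above. The routers' interface names and all addresses outside the company (198.51.100.1 for the provider's router, 203.0.113.10 as a web server) are assumptions of the example.

```python
"""Routing decisions in the example network: hosts, internal router, Internet router.

Added example, not code from the book.  The hosts' tables follow the netstat output
in the text; the routers' tables and the interface names are assumptions.  Addresses
outside the company are constructed from the ranges 198.51.100.0/24 and 203.0.113.0/24.
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address  # without the G flag: the node's own address on that network
    flags: str                      # U = up, H = host route, G = via a gateway (router)
    iface: str


class Node:
    """A host or router: its own addresses plus a routing table."""

    def __init__(self, name: str, addrs: list[str]):
        self.name = name
        self.addrs = {ipaddress.ip_address(a) for a in addrs}
        self.routes: list[Route] = []

    def add_route(self, dest: str, gateway: str, flags: str, iface: str) -> None:
        self.routes.append(Route(ipaddress.ip_network(dest), ipaddress.ip_address(gateway), flags, iface))

    def lookup(self, dst: str) -> Route | None:
        """Longest-prefix match: a host route beats a network route; default (0.0.0.0/0) matches last."""
        target = ipaddress.ip_address(dst)
        best = None
        for r in self.routes:
            if target in r.dest and (best is None or r.dest.prefixlen > best.dest.prefixlen):
                best = r
        return best

    def next_hop(self, dst: str) -> tuple[ipaddress.IPv4Address, str]:
        """Address the frame goes to (resolved with ARP on Ethernet) and the outgoing interface."""
        r = self.lookup(dst)
        if r is None:
            raise LookupError(f"{self.name}: no route to {dst}")
        if "G" in r.flags:
            return r.gateway, r.iface                # hand the datagram to the router
        return ipaddress.ip_address(dst), r.iface    # directly connected: deliver it ourselves


def build_example_network() -> dict[str, Node]:
    nodes: dict[str, Node] = {}
    hosts = [("zeus", "196.87.98.3"), ("aphrodite", "196.87.98.4"), ("hermes", "196.87.98.5"),
             ("newton", "196.87.99.7"), ("curie", "196.87.99.8"), ("einstein", "196.87.99.9")]
    for name, addr in hosts:
        n = Node(name, [addr])
        n.add_route("127.0.0.1/32", "127.0.0.1", "UH", "lo0")
        if addr.startswith("196.87.98."):    # graphics department: only the default router
            n.add_route("196.87.98.0/24", addr, "U", "le0")
            n.add_route("0.0.0.0/0", "196.87.98.1", "UG", "le0")
        else:                                # developers: special route to graphics plus default
            n.add_route("196.87.99.0/24", addr, "U", "le0")
            n.add_route("196.87.98.0/24", "196.87.99.2", "UG", "le0")
            n.add_route("0.0.0.0/0", "196.87.99.1", "UG", "le0")
        nodes[name] = n
    # Internal router (table assumed): both department networks are directly connected.
    r1 = Node("router1", ["196.87.98.1", "196.87.99.2"])
    r1.add_route("196.87.98.0/24", "196.87.98.1", "U", "le0")
    r1.add_route("196.87.99.0/24", "196.87.99.2", "U", "le1")
    r1.add_route("0.0.0.0/0", "196.87.99.1", "UG", "le1")
    nodes["router1"] = r1
    # Internet router (table assumed): without the route back to the graphics network via
    # router1, replies from the Internet to zeus would be dropped here.  The provider's
    # gateway 198.51.100.1 on the dial-up interface ppp0 is constructed.
    r2 = Node("router2", ["196.87.99.1"])
    r2.add_route("196.87.99.0/24", "196.87.99.1", "U", "le0")
    r2.add_route("196.87.98.0/24", "196.87.99.2", "UG", "le0")
    r2.add_route("0.0.0.0/0", "198.51.100.1", "UG", "ppp0")
    nodes["router2"] = r2
    return nodes


def trace(nodes: dict[str, Node], src: str, dst: str, max_hops: int = 16) -> list[str]:
    """Follow the per-hop decisions from host src.  The path ends at the destination node
    or at the first next-hop address outside the modelled network (the provider's router)."""
    by_addr = {a: n for n in nodes.values() for a in n.addrs}
    target = ipaddress.ip_address(dst)
    node, path = nodes[src], [src]
    for _ in range(max_hops):
        hop, _iface = node.next_hop(dst)
        nxt = by_addr.get(hop)
        if nxt is None:
            path.append(str(hop))            # beyond our model: handed to the provider
            return path
        path.append(nxt.name)
        if target in nxt.addrs:
            return path                      # delivered to the destination host
        node = nxt
    raise RuntimeError(f"{src} -> {dst}: not delivered within {max_hops} hops (loop?)")
```

Calling trace(build_example_network(), "aphrodite", "196.87.99.7") yields aphrodite, router1, newton; from "curie" to 196.87.98.3 the path is curie, router1, zeus; and from "zeus" to the constructed web server 203.0.113.10 it is zeus, router1, router2 and then the provider's router, exactly the three cases discussed above. Note that a host only ever decides the next hop; the path as a whole emerges from the tables of every node along the way, which is why a single wrong or missing entry on a router (such as the return route on router2) breaks communication in one direction only and is easy to overlook.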

Lifespan of IP datagrams

In this way, data is routed all over the Internet. Each router that is passed counts as one "hop" of the data. Because of the 8-bit TTL field in the IP header described above, a datagram reaches its destination within at most 255 hops, or not at all: every router decrements the TTL by one and discards the datagram when the field reaches zero, normally notifying the sender with an ICMP "time exceeded" message (which is exactly what the traceroute tool relies on).

In order for IP data packets to reach their destination at all, every single router in the entire Internet must, in principle, know how to reach any network. To this end, each router maintains a routing table just like those shown above for the hosts. Since the Internet is an amalgamation of many individual networks, these tables have to be updated constantly, because new networks are added and existing ones change or are abandoned all the time. Keeping these tables up to date by hand would be completely impractical, which is why routing information has been exchanged automatically for many years (except within very small networks such as the example above, where the settings rarely change and static entries suffice).

Routing protocols

The routers on the Internet must therefore constantly exchange information about which other networks they are transmitting data to. A number of different routing protocols have been developed to help accomplish this. Each of these routing protocols has different properties, and not all of these protocols are supported by every manufacturer.

First of all, a distinction must be made between two types of routing: routing within the coherent networks of a single operator (interior routing), who can freely decide on the configuration within this area, and routing between such areas, which are independent of each other (exterior routing). All the connected networks of one operator are referred to as an autonomous system (AS for short). Some routing protocols, such as the outdated RIP or the more recent OSPF, are used for routing within autonomous systems (interior gateway protocols), while others, above all BGP, handle routing across the boundaries of autonomous systems (exterior gateway protocols). Incidentally, the three differ in how they are carried by IP: RIP sends its messages over UDP (port 520), BGP uses TCP connections (port 179), and OSPF uses neither but runs directly on top of IP with its own protocol number, 89. These three routing protocols are briefly presented below.

When a router runs a routing protocol, it tells the neighboring routers which networks it forwards data to. Most routing protocols also provide information about the "costs" of reaching a particular network. The term "costs" has nothing to do with price; it mostly expresses how many hops away a network is via the respective router. However, the cost information can also be manipulated deliberately, depending on how "gladly" a router is supposed to transmit data to a particular network. When a router has to decide to which neighboring router it should hand the data for a particular network, it chooses the one that announces the lowest cost for this network. This cost information is also known as the routing metric.

In this way, an attempt is made to distribute the data streams between the various backbone networks as evenly as possible; in addition, there are various kinds of contracts and agreements between network operators about forwarding data from certain other networks. In Germany in the 1990s, for example, there was a dispute lasting several years between the German Research Network (DFN), the operator of the German university networks, and the commercial Internet providers over which side was carrying more of the other's traffic. The conflict could only be resolved by introducing new central data exchange points such as DE-CIX.

Routing Information Protocol (RIP)

On UNIX routers the Routing Information Protocol is run by the routing daemon ("routed"); its messages are exchanged via UDP on port 520. When "routed" starts, it sends a request. All other routers in the same autonomous system that are also running "routed" answer this request with update packets containing the destinations from their routing tables together with the respective metrics.

If an update packet contains routes to networks that are not yet known, the router adds them to its routing table. Existing routes are replaced if an update packet shows that a particular network can be reached via another router at lower cost.

A router running "routed" also sends update packets itself, usually every 30 seconds. If it receives no update packets from a particular router for several intervals (the timeout is usually 180 seconds), it deletes all entries from its routing table that use that router. Entries whose cost exceeds 15 hops are deleted as well: in RIP, 16 is the "infinite" metric and means unreachable. This limits RIP to smaller autonomous systems.

RIP (version 1) interprets IP addresses strictly according to the old class logic and can handle neither CIDR nor VLSM, since its updates carry no subnet mask. This is the main reason why it is used less and less.

There is also the problem that the sudden failure of a router can leave the routing tables inconsistent: all networks that could only be reached via the failed router become unreachable. However, word of this spreads only gradually, because a router first removes all routes that led via the failed router, but then learns from its other neighbors a supposed route to the now unreachable network, which those neighbors in turn had learned from it. With an update interval of 30 seconds it can take a long time for the routers to count the metric of the unavailable network up to 16, at which point it is finally treated as unreachable (the so-called count-to-infinity problem).

To prevent this scenario, a technique called split horizon is used: a router does not advertise a route back over the interface on which it learned it. An extension of this is poison reverse: here the route is advertised back to the router it was learned from, but with the "infinite" metric of 16.

Some problems of RIP are fixed in the newer version RIP-2, described in RFC 1723 (later superseded by RFC 2453); above all, this version carries subnet masks in its updates and thus works with CIDR addressing.
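The count-to-infinity problem and the effect of split horizon and poison reverse can be seen in a small simulation. The following Python code is an added example, not part of the book: two routers B and C exchange RIP-style full-table updates in synchronous rounds (one round standing for one 30-second update interval), with network N attached to C. After the link from C to N fails, simulate() counts how many rounds pass until both routers agree that N is unreachable. The topology, the names and the synchronous timing are assumptions of the model.

```python
"""Distance-vector routing (RIP style) and the count-to-infinity problem.

Added simulation, not from the book.  Two routers B and C, network N attached
to C.  Each round every router sends its table to its neighbours and then all
updates are processed; one round stands for one 30-second RIP update interval.
"""
INFINITY = 16   # RIP's "infinite" metric: a hop count of 16 means unreachable


class Router:
    def __init__(self, name, neighbors):
        self.name = name
        self.neighbors = list(neighbors)
        self.table = {}   # destination -> (metric, next_hop); next_hop None = directly connected

    def connect(self, dest):
        self.table[dest] = (1, None)          # RIP counts a directly connected network as 1 hop

    def disconnect(self, dest):
        self.table[dest] = (INFINITY, None)   # link failed: the route is now unreachable

    def advertise(self, neighbor, mode):
        """Build the update sent to one neighbour: {destination: metric}.

        mode is "none" (plain distance vector), "split_horizon" or "poison_reverse".
        """
        update = {}
        for dest, (metric, next_hop) in self.table.items():
            if next_hop == neighbor:          # a route we learned from this very neighbour ...
                if mode == "split_horizon":
                    continue                  # ... is not advertised back to it
                if mode == "poison_reverse":
                    metric = INFINITY         # ... is advertised back as unreachable
            update[dest] = metric
        return update

    def receive(self, sender, update):
        """Apply an update the way RIP does (the rule of RFC 2453 for response messages)."""
        for dest, metric in update.items():
            new = min(metric + 1, INFINITY)
            cur_metric, cur_hop = self.table.get(dest, (INFINITY, None))
            if cur_hop == sender:
                self.table[dest] = (new, sender)   # from our current next hop: accept even a worse metric
            elif new < cur_metric:
                self.table[dest] = (new, sender)   # a better route via another neighbour


def run_round(routers, mode):
    """All routers build their updates first, then all of them process what they received."""
    packets = [(dst, src, routers[src].advertise(dst, mode))
               for src in routers for dst in routers[src].neighbors]
    for dst, src, update in packets:
        routers[dst].receive(src, update)


def simulate(mode, max_rounds=60):
    """Return (rounds until N is unreachable on both routers or None, per-round metrics (B, C))."""
    b, c = Router("B", ["C"]), Router("C", ["B"])
    routers = {"B": b, "C": c}
    c.connect("N")
    run_round(routers, mode)                  # steady state: B learns N via C with metric 2
    assert b.table["N"] == (2, "C")
    c.disconnect("N")                         # now the link from C to N goes down
    history = []
    for rounds in range(1, max_rounds + 1):
        run_round(routers, mode)
        history.append((b.table["N"][0], c.table["N"][0]))
        if all(r.table["N"][0] == INFINITY for r in routers.values()):
            return rounds, history
    return None, history


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        rounds, history = simulate(mode)
        print(f"{mode:15s} unreachable everywhere after {rounds} rounds: {history}")
```

With plain distance-vector updates the metric for N ping-pongs upward between the two routers, (16, 3), (4, 16), (16, 5), ..., and only reaches 16 on both after 14 rounds, i.e. about seven minutes of real RIP time, during which both routers keep forwarding datagrams for N to each other. With split horizon or poison reverse the bad news is accepted in the very first round. Split horizon only breaks loops between two routers, however; in loops of three or more routers the count-up can still occur, which is one reason why RIP additionally uses triggered updates and why it is best kept to small, simple networks.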