Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai
Layer 3 in the OSI model is called the Network layer. The network layer manages options pertaining to host and network addressing, managing sub-networks, and internetworking.
The network layer takes responsibility for routing packets from source to destination within or outside a subnet. Two different subnets may have different addressing schemes or non-compatible addressing types. The same holds for protocols: two different subnets may be operating on different protocols which are not compatible with each other. The network layer has the responsibility to route the packets from source to destination, mapping different addressing schemes and protocols.
Network Layer Functions
Devices which work on the network layer mainly focus on routing. Routing may include various tasks aimed at achieving a single goal. These can be:
- Addressing devices and networks.
- Populating routing tables or static routes.
- Queuing incoming and outgoing data and then forwarding them according to quality of service constraints set for those packets.
- Internetworking between two different subnets.
- Delivering packets to destination with best efforts.
- Providing connection-oriented and connectionless mechanisms.
Network Layer Features
With its standard functionalities, Layer 3 can provide various features such as:
- Quality of service management
- Load balancing and link management
- Security
- Interrelation of different protocols and subnets with different schema.
- Different logical network design over the physical network design.
- L3 VPN and tunnels can be used to provide end to end dedicated connectivity.
- helps to communicate end to end devices over the internet. It comes in two flavors.
Layer 3 network addressing is one of the major tasks of the network layer.
Network addresses are always logical, i.e. these are software-based addresses which can be changed by appropriate configuration.
A network address always points to a host / node / server, or it can represent a whole network. A network address is always configured on the network interface card and is generally mapped by the system to the MAC address (hardware address or layer-2 address) of the machine for Layer-2 communication.
There are different kinds of network addresses in existence:
- IP
- IPX
- AppleTalk
IP addressing provides a mechanism to differentiate between hosts and networks. Because IP addresses are assigned in a hierarchical manner, a host always resides under a specific network. A host which needs to communicate outside its subnet needs to know the destination network address, where the packet/data is to be sent.
Hosts in different subnets need a mechanism to locate each other. This task can be done by DNS. DNS is a server which provides the Layer-3 address of a remote host mapped to its domain name or FQDN. When a host acquires the Layer-3 address (IP address) of the remote host, it forwards all its packets to its gateway. A gateway is a router equipped with all the information needed to route packets to the destination host.
Routers take the help of routing tables, which have the following information:
- Method to reach the network
- Routers, upon receiving a forwarding request, forward the packet to the next hop (adjacent router) towards the destination.
- The next router on the path follows the same thing and eventually the data packet reaches its destination.
4.1 Networking & Devices : Repeaters, Hubs, Bridges, Switches, Router, Gateway
# Repeaters
A network device used to regenerate or replicate a signal. Repeaters are used in transmission systems to
regenerate analog or digital signals distorted by transmission loss. Analog repeaters frequently can only amplify
the signal while digital repeaters can reconstruct a signal to near its original quality.
In a data network, a repeater can relay messages between subnetworks that use different protocols or cable types. Hubs can operate
as repeaters by relaying messages to all connected computers. A repeater cannot do the intelligent routing performed
by bridges and routers.
A repeater does exactly that: it repeats any electrical signals that come into one port, out its other port (there are only 2 ports on a repeater). It is a very “dumb” device (no offense to any of you repeaters out there).
Examples:
- In a wireless communications system, a repeater consists of a radio receiver, an amplifier, a transmitter, an isolator, and two antennas. The transmitter produces a signal on a frequency that differs from the received signal. This so-called frequency offset is necessary to prevent the strong transmitted signal from disabling the receiver. The isolator provides additional protection in this respect. A repeater, when strategically located on top of a high building or a mountain, can greatly enhance the performance of a wireless network by allowing communications over distances much greater than would be possible without it.
- In satellite wireless, a repeater (more frequently called a transponder) receives uplink signals and retransmits them, often on different frequencies, to destination locations.
- In a cellular telephone system, a repeater is one of a group of transceivers in a geographic area that collectively serve a system user.
- In a fiber optic network, a repeater consists of a photocell, an amplifier, and a light-emitting diode (LED) or infrared-emitting diode (IRED) for each light or IR signal that requires amplification. Fiber optic repeaters operate at power levels much lower than wireless repeaters, and are also much simpler and cheaper. However, their design requires careful attention to ensure that internal circuit noise is minimized.
Repeaters are commonly used by commercial and amateur radio operators to extend signals in the radio frequency range from one
receiver to another. These consist of drop repeaters, similar to the cells in cellular radio, and hub repeaters, which receive and retransmit
signals from and to a number of directions.
A bus repeater links one computer bus to a bus in another computer chassis, essentially chaining one computer to another.
# HUB
Hubs are very similar to repeaters. A Hub is essentially a multiport repeater.
Any electrical signal that comes into one port, goes out all other ports. Again,
a very dumb device.
- fundamentally used in networks that use twisted pair cabling to connect
devices.
- Act as pathways to direct electrical signals to travel along. They transmit the
information regardless of the fact if data packet is destined for the device
connected or not.
Hub Categories:
*Active Hub: They split and amplify the signal. They are a bit like the hubs in Ethernet. Unused ports on an Active Hub do not need termination, although it is advised to terminate them. The active hubs provide electrical isolation at each port. They feature problem detection and segment partitioning, so only the segment on that port will be affected by problems of one of the devices attached to that segment. Active hubs are also termed ‘repeaters’.
*Passive Hub: They just split the signal, which means if it is a four port hub, every port gets 1/3 of the signal (one port was incoming). Unused ports on a Passive Hub do need termination. A Passive Hub is a small box with 4 BNC connectors and an internal resistor network.
# Switches
Switches are the linkage points of an Ethernet network. Just as with a hub, devices are connected to a switch through twisted pair cabling. The difference shows up in the manner in which the two devices, hub and switch, treat the data they receive. A hub works by sending the data to all the ports on the device, whereas a switch transfers it only to the port which is connected to the destination device.
Switches operate in full-duplex mode, where devices can send and receive data from the switch simultaneously, unlike in half-duplex mode. The transmission speed in switches is double that of an Ethernet hub, transferring a 20Mbps connection into 30Mbps and a 200Mbps connection to become 300Mbps. Performance improvements are observed in networking with the extensive usage of switches in the modern days.
# Bridges
A bridge is a computer networking device that builds a connection with other bridged networks which use the same protocol. It works at the Data Link layer of the OSI Model, connects different networks together and develops communication between them. It connects two local-area networks: two physical LANs into a larger logical LAN, or two segments of the same LAN that use the same protocol.
Apart from building up larger networks, bridges are also used to segment larger networks into smaller portions. The bridge does so by placing itself between the two portions of two physical networks and controlling the flow of the data between them. Bridges decide whether to forward the data after inspecting the MAC addresses of the devices connected to every segment. The forwarding of the data depends on establishing that the destination address resides on some other interface. A bridge has the capacity to block the incoming flow of data as well.
Types of Bridges:
There are mainly three types in which bridges can be characterized:
- Transparent Bridge: As the name signifies, it appears to be transparent for the other devices on the network. The other devices are ignorant of its existence. It only blocks or forwards the data as per the MAC address.
- Source Route Bridge: It derives its name from the fact that the path which the packet takes through the network is implanted within the packet. It is mainly used in Token ring networks.
- Translational Bridge: The process of conversion takes place via a Translational Bridge. It converts the data format of one networking system to another, for instance Token ring to Ethernet and vice versa.
Switches superseding Bridges:
Ethernet switches are gaining ground compared to bridges. They are succeeding on account of their provision of logical divisions and segments in the networking field. In fact, switches are referred to as multi-port bridges because of their advanced functionality.
# Routers
Routers are network layer devices and are identified as Layer-3 devices of the OSI Model. They process logical addressing information in the Network header of a packet, such as IP addresses. A router is used to create larger complex networks by complex traffic routing. It has the ability to connect dissimilar LANs on the same protocol.
It also has the ability to limit the flow of broadcasts. A router primarily consists of a hardware device or a computer system which has more than one network interface and routing software.
Functionality:
When a router receives data, it determines the destination address by reading the header of the packet. Once the address is determined, it searches its routing table to find out how to reach the destination and then forwards the packet to the next hop on the route. The hop could be the final destination or another router.
Routing tables play a pivotal role in letting the router make a decision. Thus a routing table ought to be up to date and complete. The two ways through which a router can receive information are:
- Static Routing: In static routing, the routing information is fed into the routing tables manually. This is not only a time-consuming task but is prone to errors as well. Manual updating is also required on statically configured routers when the topology or the layout of the network changes. Thus static routing is feasible for the tiniest environments with a minimum of one or two routers.
- Dynamic Routing: For larger environments dynamic routing proves to be the practical solution. The process involves the use of particular routing protocols to hold communication. The purpose of these protocols is to enable routers to transfer information to other routers, so that the other routers can build their own routing tables.
[Figures: Switch, Bridge, Router]
# Gateways
A gateway is a device which is used to connect multiple networks and passes packets from one network to the other. Acting as the ‘gateway’ between different networking systems or computer programs, a gateway is a device which forms a link between them. It allows computer programs, either on the same computer or on different computers, to share information across the network through protocols. A router is also a gateway, since it interprets data from one network protocol to another.
Others, such as a bridge, convert the data into different forms between two networking systems. Then a software application converts the data from one format into another. A gateway is a workable tool to translate the data format, although the data itself remains unchanged.
4.2 Addressing : Internet Address, Classful Address
An Internet address uniquely identifies a node on the Internet. Internet address may also refer to the name or IP of a Web site (URL). The term Internet address can also represent someone's e-mail address.
In classless addressing, variable-length blocks are assigned that belong to no class. In this architecture, the entire address space (2^32 addresses) is divided into blocks of different sizes.
Classful addressing is based on the default Class A, B or C networks.
All devices in the same routing domain must use the same subnet mask. Since routers running a classful routing protocol do not include subnet mask information with routing updates, the router assumes either its own subnet mask, or defaults to the classful subnet mask.
Classless addressing, on the other hand, allows the use of variable length subnet masks, or Variable-Length Subnet Masking (VLSM), because subnet mask information is included with routing updates. You can have a mixture of different subnet masks in the same routing domain:
10.1.0.0/19, 10.2.0.0/20, 172.16.8.0/21, 172.16.16.0/24
Classful addressing:
- In the classful addressing system all the available IP addresses are divided into the five classes A, B, C, D and E, of which class A, B and C addresses are frequently used, because class D is for multicast and is rarely used and class E is reserved and is not currently used.
- Each IP address belongs to a particular class; that is why they are called classful addresses.
- Earlier this addressing system did not have any name, but when the classless addressing system came into existence it was named the classful addressing system.
- The main disadvantage of classful addressing is that it limits the flexibility and number of addresses that can be assigned to any device.
- One of the major disadvantages of classful addressing is that it does not send subnet information but sends the complete network address. The router will supply its own subnet mask based on its locally configured subnets. As long as you have the same subnet mask and the network is contiguous, you can use subnets of a classful network address.
Host IP address - the host ID portion of an IP address is the portion of the address used to identify hosts (any device requiring a Network Interface Card, such as a PC or networked printer) on the network. E.g. for IP address 192.168.100.2 and subnet mask 255.255.255.0, 192.168.100.X is the network ID, which identifies the network you belong to, and X is the host ID, which is unique for every node on the network.
Table 43: IP Address Classes and Class Characteristics and Uses
IP Address Class | Fraction of Total IP Address Space | n = Number of Network ID Bits | p = Number of Host ID Bits | IP Range | Intended Use
Class A | 1/2 | 8 | 24 | 0-127 | Unicast addressing for very large organizations with hundreds of thousands or millions of hosts to connect to the Internet.
Class B | 1/4 | 16 | 16 | 128-191 | Unicast addressing for medium-to-large organizations with many hundreds to thousands of hosts to connect to the Internet.
Class C | 1/8 | 24 | 8 | 192-223 | Unicast addressing for smaller organizations with no more than about 250 hosts to connect to the Internet.
Class D | 1/16 | n/a | n/a | 224-239 | IP multicasting.
Class E | 1/16 | n/a | n/a | 240-255 | Reserved for “experimental use”.

Class | Starting Bits (fixed to m bits) | Example | Max Networks 2^(n-m) | Max Hosts 2^p - 2 | Default subnet mask
A | 0 (m=1) | 125.168.3.5 = 01111101.10101000.00000011.00000101 | 2^(8-1) = 126 | 2^24 - 2 = 16,777,214 | 255.0.0.0
B | 10 (m=2) | 155.168.3.5 = 10011011.10101000.00000011.00000101 | 2^(16-2) = 16,384 | 2^16 - 2 = 65,534 | 255.255.0.0
C | 110 (m=3) | 192.168.3.5 = 11000000.10101000.00000011.00000101 | 2^(24-3) = 2,097,152 | 2^8 - 2 = 254 | 255.255.255.0
D | 1110
E | 1111
4.3 Subnetting
- Subnetting is the process of dividing a large network into smaller networks, known as subnets, based on the layer 3 IP address. Every computer on a network has an IP address that represents its location on the network. Two versions of IP addresses are available: IPv4 and IPv6.
Example: As a network administrator you are asked to create two networks, each of which will host 30 systems.
A single class C IP range can fulfill this requirement, yet you have to purchase 2 class C IP ranges, one for each network. A single class C range provides 256 total addresses and we need only 30 addresses, so this will waste 226 addresses. These unused addresses would make additional route advertisements, slowing down the network.
In a /24 network you can't use 0 because it is the identification of the network (devices use it to recognize the different networks they are connected to).
The last address, 255 in the case of a /24 network, is the broadcast address. Devices connected to the network use it to send a broadcast, a message intended for all devices on the network.
Advantages of Subnetting
- Subnetting breaks a large network into smaller networks, and smaller networks are easier to manage.
- Subnetting reduces network traffic by removing collision and broadcast traffic, which improves overall performance.
- Subnetting allows you to apply network security policies at the interconnection between subnets.
- Subnetting allows you to save money by reducing the requirement for IP ranges.
Subnet mask : A subnet mask is a 32-bit address used to distinguish between the network address and the host address in an IP address. A subnet mask is always used with an IP address. The subnet mask has only one purpose: to identify which part of an IP address is the network address and which part is the host address.
For example, how would you figure out the network part and the host part of IP address 192.168.1.10? Here we need the subnet mask to get details about the network address and the host address.
- In decimal notation, subnet mask values 1 to 255 represent the network address and value 0 [zero] represents the host address.
- In binary notation, an on bit [1] in the subnet mask represents the network address while an off bit [0] represents the host address.
Network ID : The first address of a subnet is called the network ID. This address is used to identify one segment or broadcast domain from all the other segments in the network.
Block Size : Block size is the size of the subnet including the network address, host addresses and broadcast address.
Broadcast ID : There are two types of broadcast, direct broadcast and full broadcast.
(i) Direct broadcast : or local broadcast is the last address of the subnet and can be heard by all hosts in the subnet.
(ii) Full broadcast : is the last address of IP classes and can be heard by all IP hosts in the network. The full broadcast address is 255.255.255.255.
The main difference between direct broadcast and full broadcast is that routers will not propagate local broadcasts between segments, but they will propagate directed broadcasts.
Host Addresses : All addresses between the network address and the directed broadcast address are called host addresses for the subnet. You can assign host addresses to any IP devices such as PCs, servers, routers, and switches.
CIDR [ Classless Inter Domain Routing]
CIDR is a slash notation for the subnet mask. CIDR tells us the number of on bits in a network address.
- Class A has default subnet mask 255.0.0.0, which means the first octet of the subnet mask has all on bits. In slash notation it would be written as /8, meaning the address has 8 bits on.
- Class B has default subnet mask 255.255.0.0, which means the first two octets of the subnet mask have all on bits. In slash notation it would be written as /16, meaning the address has 16 bits on.
- Class C has default subnet mask 255.255.255.0, which means the first three octets of the subnet mask have all on bits. In slash notation it would be written as /24, meaning the address has 24 bits on.
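The subnetting example above (two networks of 30 systems each) worked through in code, as an added example that is not part of the original notes. It assumes the single class C range is 192.168.1.0/24; the function names are illustrative.

```python
import ipaddress


def split_address(ip, mask):
    """AND the address with the mask: on bits keep the network part,
    off bits keep the host part."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(ip_int & mask_int)
    host = ipaddress.IPv4Address(ip_int & ~mask_int & 0xFFFFFFFF)
    return str(network), str(host)


def prefix_for_hosts(hosts):
    """Longest CIDR prefix whose block holds `hosts` usable addresses
    plus the network ID and the broadcast address."""
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = (hosts + 1).bit_length()  # smallest b with 2**b >= hosts + 2
    if host_bits > 30:
        raise ValueError("too many hosts for an IPv4 subnet")
    return 32 - host_bits


def plan_subnets(base, hosts_per_subnet, count):
    """Carve `count` equal subnets out of `base` (e.g. an assumed /24)."""
    base_net = ipaddress.IPv4Network(base)
    prefix = prefix_for_hosts(hosts_per_subnet)
    block = 2 ** (32 - prefix)  # block size: network ID + hosts + broadcast
    if prefix < base_net.prefixlen or block * count > base_net.num_addresses:
        raise ValueError("base range is too small for this plan")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    start = int(base_net.network_address)
    plan = []
    for i in range(count):
        net_id = start + i * block                    # first address of the block
        bcast = net_id | (~mask_int & 0xFFFFFFFF)     # last address of the block
        plan.append({
            "network_id": str(ipaddress.IPv4Address(net_id)),
            "cidr": prefix,
            "mask": str(ipaddress.IPv4Address(mask_int)),
            "block_size": block,
            "first_host": str(ipaddress.IPv4Address(net_id + 1)),
            "last_host": str(ipaddress.IPv4Address(bcast - 1)),
            "broadcast": str(ipaddress.IPv4Address(bcast)),
        })
    return plan


def unused_addresses(base, plan):
    """Addresses of the base range not covered by any planned subnet."""
    total = ipaddress.IPv4Network(base).num_addresses
    return total - sum(s["block_size"] for s in plan)


if __name__ == "__main__":
    print(split_address("192.168.1.10", "255.255.255.0"))
    plan = plan_subnets("192.168.1.0/24", 30, 2)  # assumed class C range
    for s in plan:
        print(s)
    print("still free in the /24:", unused_addresses("192.168.1.0/24", plan))
```

Each 30-host network fits a /27 block of 32 addresses, so one class C range covers both networks and leaves the rest of the range available for further subnets.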
4.4 Routing : techniques, static vs dynamic routing, routing table for classful address
Routing is the process of selecting a path for traffic in a network, or between or across multiple networks. Routing is performed for many
types of networks, including circuit-switched networks, such as the public switched telephone network (PSTN), computer networks, such
as the Internet, as well as in networks used in public and private transportation, such as the system of streets, roads, and highways in
national infrastructure.
In packet switching networks, routing is the higher-level decision making that directs network packets from their source toward their
destination through intermediate network nodes by specific packet forwarding mechanisms. Packet forwarding is the transit of logically
addressed network packets from one network interface to another. Intermediate nodes are typically network hardware devices such
as routers, bridges, gateways, firewalls, or switches. General-purpose computers also forward packets and perform routing, although they
have no specially optimized hardware for the task. The routing process usually directs forwarding on the basis of routing tables, which
maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory,
is very important for efficient routing. Most routing algorithms use only one network path at a time. Multipath routing techniques enable
the use of multiple alternative paths.
Routing schemes differ in how they deliver messages:
- Unicast delivers a message to a single specific node
- Anycast delivers a message to any one out of a group of nodes, typically the one nearest to the source
- Multicast delivers a message to a group of nodes that have expressed interest in receiving the message
- Geocast delivers a message to a geographic area
- Broadcast delivers a message to all nodes in the network
Static vs Dynamic routing
Static routing manually sets up the optimal paths between the source and the destination computers. Dynamic routing, on the other hand, uses dynamic protocols to update the routing table and to find the optimal path between the source and the destination computers.
• Routers that use static routing do not have any controlling mechanism if there are faults in the routing paths. These routers do not sense the faulty computers encountered while finding the path between two computers or routers in a network. Dynamic routing algorithms are used in dynamic routers, and these routers can sense a faulty router in the network. The dynamic router also eliminates the faulty router and finds another possible optimal path from the source to the destination. If any router is down or faulty for some reason, this fault is circulated in the entire network. Due to this quality of dynamic routers, they are also called adaptive routers.
• The static routing is suitable for very small networks and they cannot be used in large networks. As against this, dynamic routing is used
for larger networks. The manual routing has no specific routing algorithm. The dynamic routers are based on various routing algorithms
like OSPF (Open Shortest Path First), IGRP (Interior Gateway Routing Protocol) and RIP (Routing Information Protocol).
• The static routing is the simplest way of routing the data packets from a source to a destination in a network. The dynamic routing uses
complex algorithms for routing the data packets.
• Static routing has the advantage that it requires minimal memory. Dynamic routers, however, have quite a few memory overheads, depending on the routing algorithms used.
• The network administrator finds out the optimal path and makes the changes in the routing table in the case of static routing. In the
dynamic routing algorithm, the algorithm and the protocol is responsible for routing the packets and making the changes accordingly in
the routing table.
Static Routing
Static routing is not really a routing protocol. Static routing is simply the process of manually entering routes into a device's routing table
via a configuration file that is loaded when the routing device starts up. As an alternative, these routes can be entered by
a network administrator who configures the routes manually. Since these manually configured routes don't change after they are
configured (unless a human changes them) they are called 'static' routes.
Static routing is the simplest form of routing, but it is a manual process.
Use static routing when you have very few devices to configure (<5) and when you know the routes will probably never change.
Static routing also does not handle failures in external networks well because any route that is configured manually must be updated or
reconfigured manually to fix or repair any lost connectivity.
Dynamic Routing
Dynamic routing protocols are supported by software applications running on the routing device (the router) which dynamically learn network destinations and how to get to them, and also advertise those destinations to other routers. This advertisement function allows all the routers to learn about all the destination networks that exist and how to get to those networks.
A router using dynamic routing will 'learn' the routes to all networks that are directly connected to the device. Next, the router will learn routes from other routers that run the same routing protocol (RIP, RIP2, EIGRP, OSPF, IS-IS, BGP etc). Each router will then sort through its list of routes and select one or more 'best' routes for each network destination the router knows or has learned.
Dynamic routing protocols will then distribute this 'best route' information to other routers running the same routing protocol, thereby
extending the information on what networks exist and can be reached. This gives dynamic routing protocols the ability to adapt to
logical network topology changes, equipment failures or network outages 'on the fly'.
Static Routing:
- Manually set up route.
- Stable. No impact of traffic and transmission failures
Dynamic Routing:
- Route setting is automatic
- Responds to the changes of the network
- Optimized route is selected automatically.
Routing Table
A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet
Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.
A basic routing table includes the following information:
- Destination: The IP address of the packet's final destination
- Next hop: The IP address to which the packet is forwarded
- Interface: The outgoing network interface the device should use when forwarding the packet to the next hop or final destination
- Metric: Assigns a cost to each available route so that the most cost-effective path can be chosen
- Routes: Includes directly-attached subnets, indirect subnets that are not attached to the device but can be accessed through one or more hops, and default routes to use for certain types of traffic or when information is lacking.
The routing table consists of at least three information fields:
1. the network id: i.e. the destination subnet
2. cost/metric: i.e. the cost or metric of the path through which the packet is to be sent
3. next hop: The next hop, or gateway, is the address of the next station to which the packet is to be sent on the way to its final
destination
Depending on the application and implementation, it can also contain additional values that refine path selection:
1. quality of service associated with the route. For example, the U flag indicates that an IP route is up.
2. links to filtering criteria/access lists associated with the route
3. interface: such as eth0 for the first Ethernet card, eth1 for the second Ethernet card, etc.
Routing tables are also a key aspect of certain security operations, such as unicast reverse path forwarding (uRPF).[2] In this technique,
which has several variants, the router also looks up, in the routing table, the source address of the packet. If there exists no route back to
the source address, the packet is assumed to be malformed or involved in a network attack, and is dropped.
Network id Cost Next hop
........ ........ ........
........ ........ ........
Shown below is an example of what the table above could look like on an average computer connected to the internet via a home router:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1    192.168.0.100  10
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.0.0          255.255.255.0    192.168.0.100  192.168.0.100  10
192.168.0.100        255.255.255.255  127.0.0.1      127.0.0.1      10
192.168.0.1          255.255.255.255  192.168.0.100  192.168.0.100  10
- The columns Network Destination and Netmask together describe the Network id as mentioned earlier. For example, destination 192.168.0.0 and netmask 255.255.255.0 can be written as network id 192.168.0.0/24.
- The Gateway column contains the same information as the Next hop, i.e. it points to the gateway through which the network can be reached.
- The Interface indicates what locally available interface is responsible for reaching the gateway. In this example, gateway 192.168.0.1 (the internet router) can be reached through the local network card with address 192.168.0.100.
- Finally, the Metric indicates the associated cost of using the indicated route. This is useful for determining the efficiency of a certain route from two points in a network. In this example, it is more efficient to communicate with the computer itself through the use of address 127.0.0.1 (called “localhost”) than it would be through 192.168.0.100 (the IP address of the local network card).
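The route lookup and the uRPF check described above, run against the sample routing table, as an added example that is not part of the original notes. The strict and loose modes are two of the uRPF variants; the `allow_default` switch, the function names and the sample packets are assumptions of this sketch.

```python
import ipaddress

# Rows copied from the sample routing table above:
# (network destination, netmask, gateway, interface, metric)
SAMPLE_ROUTES = [
    ("0.0.0.0",       "0.0.0.0",         "192.168.0.1",   "192.168.0.100", 10),
    ("127.0.0.0",     "255.0.0.0",       "127.0.0.1",     "127.0.0.1",     1),
    ("192.168.0.0",   "255.255.255.0",   "192.168.0.100", "192.168.0.100", 10),
    ("192.168.0.100", "255.255.255.255", "127.0.0.1",     "127.0.0.1",     10),
    ("192.168.0.1",   "255.255.255.255", "192.168.0.100", "192.168.0.100", 10),
]


def build_table(rows):
    """Turn (destination, netmask) pairs into network ids such as 192.168.0.0/24."""
    table = []
    for dest, mask, gateway, iface, metric in rows:
        # CIDR prefix length = number of on bits in the netmask.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        table.append({
            "net": ipaddress.IPv4Network(f"{dest}/{prefix}"),
            "gateway": gateway,
            "iface": iface,
            "metric": metric,
        })
    return table


def lookup(table, addr, allow_default=True):
    """Longest-prefix match; ties are broken by the lowest metric.
    With allow_default=False the 0.0.0.0/0 route is ignored."""
    ip = ipaddress.IPv4Address(addr)
    matches = [r for r in table
               if ip in r["net"] and (allow_default or r["net"].prefixlen > 0)]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def urpf_accept(table, src, arrival_iface, mode="strict", allow_default=False):
    """Look up the packet's SOURCE address in the routing table.
    loose : accept if any route back to the source exists.
    strict: additionally require that route to use the arrival interface."""
    route = lookup(table, src, allow_default)
    if route is None:
        return False          # no route back to the source: drop
    if mode == "strict":
        return route["iface"] == arrival_iface
    return True


TABLE = build_table(SAMPLE_ROUTES)

# Constructed sample packets: (source address, interface it arrived on)
SAMPLE_PACKETS = [
    ("192.168.0.55",  "192.168.0.100"),  # neighbour on the local subnet
    ("127.0.0.5",     "192.168.0.100"),  # loopback source seen on the LAN card
    ("192.168.0.100", "192.168.0.100"),  # our own address arriving from outside
    ("203.0.113.9",   "192.168.0.100"),  # only reachable via the default route
]

if __name__ == "__main__":
    for dst in ("192.168.0.1", "192.168.0.55", "8.8.8.8"):
        r = lookup(TABLE, dst)
        print(f"{dst:15} -> {r['net']} via {r['gateway']} on {r['iface']}")
    for src, iface in SAMPLE_PACKETS:
        strict = urpf_accept(TABLE, src, iface, "strict")
        loose = urpf_accept(TABLE, src, iface, "loose")
        print(f"src {src:15} strict={'accept' if strict else 'drop'} "
              f"loose={'accept' if loose else 'drop'}")
```

Because a default route matches every source address, a check that is allowed to use it never finds "no route back"; that is why `allow_default` is off unless the caller asks for it.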
4.5 Routing Protocols : RIP, OSPF, BGP, Unicast and Multicast routing protocols
A network address can be one of the following:
- Unicast (destined to one host)
- Multicast (destined to a group)
- Broadcast (destined to all)
- Anycast (destined to the nearest one)
A router never forwards broadcast traffic by default. Multicast traffic gets special treatment as it is mostly a video stream or audio with highest priority. Anycast is similar to unicast, except that the packets are delivered to the nearest destination when multiple destinations are available.
When a device has multiple paths to reach a destination, it always selects one path by preferring it over others. This selection process is termed routing. Routing is done by special network devices called routers, or it can be done by means of software processes. Software-based routers have limited functionality and limited scope.
A router is always configured with some default route. A default route tells the router where to forward a packet if no route is found for a specific destination. In case multiple paths exist to reach the same destination, the router can make a decision based on the following information:
- Hop Count
- Bandwidth
- Metric
- Prefix-length
- Delay
Routes can be statically configured or dynamically learnt. One route can be configured to be preferred over others.
Unicast routing
Most of the traffic on the internet and intranets, known as unicast data or unicast traffic, is sent with
a specified destination. Routing unicast data over the internet is called unicast routing. It is the
simplest form of routing because the destination is already known. Hence the router just has to look
up the routing table and forward the packet to the next hop.
Broadcast routing
By default, broadcast packets are not routed or forwarded by the routers on any network.
Routers create broadcast domains. But a router can be configured to forward broadcasts in some special
cases. A broadcast message is destined to all network devices.
Broadcast routing can be done in two ways (algorithm):
 A router creates a data packet and then sends it to each host one by one. In this case, the
router creates multiple copies of a single data packet with different destination addresses.
All packets are sent as unicast, but because they are sent to all hosts, it appears as if the router is
broadcasting.
This method consumes lots of bandwidth and the router must know the destination address of each
node.
 Secondly, when a router receives a packet that is to be broadcast, it simply floods that
packet out of all interfaces. All routers are configured in the same way.
This method is easy on the router's CPU but may cause the problem of duplicate packets
received from peer routers.
Reverse path forwarding is a technique in which the router knows in advance about its
predecessor from where it should receive broadcast. This technique is used to detect and discard duplicates.
Multicast Routing
Multicast routing is a special case of broadcast routing with significant differences and challenges. In broadcast routing, packets are sent
to all nodes even if they do not want them. But in multicast routing, the data is sent only to the nodes which want to receive the packets.
The router must know that there are nodes which wish to receive multicast packets (or a stream); only then should it forward them. Multicast
routing uses a spanning tree to avoid looping.
Multicast routing also uses the reverse path forwarding technique to detect and discard duplicates and loops.
Anycast Routing
Anycast packet forwarding is a mechanism where multiple hosts can have same logical address. When a packet destined to this logical
address is received, it is sent to the host which is nearest in routing topology.
Anycast routing is done with the help of a DNS server. Whenever an anycast packet is received, DNS is queried for where to send it.
DNS provides the IP address which is the nearest IP configured on it.
Unicast Routing Protocols
The analogy stated that distance vector routing protocols are like using road signs to guide you on your
way to a destination, only giving you information about distance and direction. However, link-state
routing protocols are like using a map. With a map, you can see all of the potential routes and determine
your own preferred path.
There are two kinds of routing protocols available to route unicast packets:
 Distance Vector Routing Protocol
Distance Vector is a simple routing protocol which takes routing decisions on the number of hops between source and destination. A
route with fewer hops is considered the best route. Every router advertises its set of best routes to other routers. Ultimately,
all routers build up their network topology based on the advertisements of their peer routers.
For example, Routing Information Protocol (RIP).
Distance vector routing protocols are like road signs because routers must make preferred path decisions based on a distance or metric
to a network. Just as travelers trust a road sign to accurately state the distance to the next town, a distance vector router trusts that
another router is advertising the true distance to the destination network.
 Link State Routing Protocol
Link State is a slightly more complicated protocol than Distance Vector. It takes into account the states of the links of all the routers in
a network. This technique helps routers build a common graph of the entire network. All routers then calculate their best path for
routing purposes. For example, Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (ISIS).
Link-state routing protocols take a different approach. Link-state routing protocols are more like a road map because they create a
topological map of the network and each router uses this map to determine the shortest path to each network. Just as you refer to a
map to find the route to another town, link-state routers use a map to determine the preferred path to reach another destination.
Link State Routing Process :-
1. Each router learns about its own links, its own directly connected networks. This is done by detecting that an interface is in the up
state.
2. Each router is responsible for meeting its neighbors on directly connected networks. Similar to EIGRP, link state routers do this by
exchanging Hello packets with other link-state routers on directly connected networks.
3. Each router builds a Link-State Packet (LSP) containing the state of each directly connected link. This is done by recording all the
pertinent information about each neighbor, including neighbor ID, link type, and bandwidth.
4. Each router floods the LSP to all neighbors, who then store all LSPs received in a database. Neighbors then flood the LSPs to their
neighbors until all routers in the area have received the LSPs. Each router stores a copy of each LSP received from its neighbors in a
local database.
5. Each router uses the database to construct a complete map of the topology and computes the best path to each destination
network. Like having a road map, the router now has a complete map of all destinations in the topology and the routes to reach
them. The SPF algorithm is used to construct the map of the topology and to determine the best path to each network.
There are several advantages of link-state routing protocols compared to distance vector routing protocols.
*Builds a Topological Map : Link-state routing protocols create a topological map, or SPF tree of the network topology. Distance
vector routing protocols do not have a topological map of the network. Routers implementing a distance vector routing protocol only
have a list of networks, which includes the cost (distance) and next-hop routers (direction) to those networks. Because link-state
routing protocols exchange link-states, the SPF algorithm can build an SPF tree of the network. Using the SPF tree, each router can
independently determine the shortest path to every network.
*Fast Convergence : When receiving a Link-state Packet (LSP), link-state routing protocols immediately flood the LSP out all interfaces
except for the interface from which the LSP was received. A router using a distance vector routing protocol needs to process each
routing update and update its routing table before flooding them out other interfaces, even with triggered updates. Faster
convergence is achieved for link-state routing protocols. A notable exception is EIGRP.
*Event-driven Updates : After the initial flooding of LSPs, link-state routing protocols only send out an LSP when there is a change in
the topology. The LSP contains only the information regarding the affected link. Unlike some distance vector routing protocols, link-
state routing protocols do not send periodic updates.
Note: OSPF routers do flood their own link-states every 30 minutes. This is known as a paranoid update and is discussed in the following
chapter. Also, not all distance vector routing protocols send periodic updates. RIP and IGRP send periodic updates; however, EIGRP
does not.
*Hierarchical Design : Link-state routing protocols such as OSPF and IS-IS use the concept of areas. Multiple areas create a hierarchical
design to networks, allowing for better route aggregation (summarization) and the isolation of routing issues within an area. Multi-
area OSPF and IS-IS are discussed further in CCNP.
Multicast Routing Protocols
Unicast routing protocols use graphs while Multicast routing protocols use trees, i.e. spanning tree to avoid loops. The optimal tree is
called shortest path spanning tree.
 DVMRP - Distance Vector Multicast Routing Protocol
 MOSPF - Multicast Open Shortest Path First
 CBT - Core Based Tree
 PIM - Protocol independent Multicast
Protocol Independent Multicast is commonly used now. It has two flavors:
 PIM Dense Mode
This mode uses source-based trees. It is used in dense environment such as LAN.
 PIM Sparse Mode
This mode uses shared trees. It is used in sparse environment such as WAN.
4.6 Routing Algorithms : Shortest path, Flooding, Distance Vector Routing, Link State Routing, Protocols : ARP, RARP, IP, ICMP
The routing algorithms are as follows:
Flooding
Flooding is the simplest method of packet forwarding. When a packet is received, the router sends it out on all interfaces except the one on
which it was received. This creates too much burden on the network and leaves lots of duplicate packets wandering in the network.
Time to Live (TTL) can be used to avoid infinite looping of packets. There exists another approach for flooding, called Selective
Flooding, which reduces the overhead on the network. In this method, the router does not flood out on all the interfaces, but only on selected ones.
Shortest Path
Routing decisions in networks are mostly taken on the basis of cost between source and destination. Hop count plays a major role here.
Shortest path is a technique which uses various algorithms to decide a path with the minimum number of hops.
Common shortest path algorithms are:
 Dijkstra's algorithm
 Bellman Ford algorithm
Distance Vector Routing
Distance Vector Routing Protocol (DVRP) is one of two major routing protocols for communications methods that use data packets sent
over Internet Protocol (IP). DVRP requires routing hardware to report the distances of various nodes within a network or IP topology in
order to determine the best and most efficient routes for data packets.
Distance vector routing is a simple distributed routing protocol. Distance vector routing allows routers to automatically discover the
destinations reachable inside the network as well as the shortest path to reach each of these destinations. The shortest path is computed
based on metrics or costs that are associated to each link. We use l.cost to represent the metric that has been configured for link l on a
router.
Each router maintains a routing table. The routing table R can be modelled as a data structure that stores, for each known destination
address d, the following attributes :
 R[d].link is the outgoing link that the router uses to forward packets towards destination d
 R[d].cost is the sum of the metrics of the links that compose the shortest path to reach destination d
 R[d].time is the timestamp of the last distance vector containing destination d
A router that uses distance vector routing regularly sends its distance vector over all its interfaces. The distance vector is a summary of
the router’s routing table that indicates the distance towards each known destination. This distance vector can be computed from the
routing table by using the pseudo-code below.
Every N seconds:
    v=Vector()
    for d in R[]:
        # add destination d to vector
        v.add(Pair(d,R[d].cost))
    for i in interfaces:
        # send vector v on this interface
        send(v,i)
When a router boots, it does not know any destination in the network and its routing table only contains itself. It thus sends to all its
neighbours a distance vector that contains only its address at a distance of 0. When a router receives a distance vector on link l, it processes
it as follows.
# V : received Vector
# l : link over which vector is received
def received(V,l):
    # received vector from link l
    for d in V[]:
        if not (d in R[]) :
            # new route
            R[d].cost=V[d].cost+l.cost
            R[d].link=l
            R[d].time=now
        else :
            # existing route, is the new better ?
            if ( ((V[d].cost+l.cost) < R[d].cost) or ( R[d].link == l) ) :
                # Better route or change to current route
                R[d].cost=V[d].cost+l.cost
                R[d].link=l
                R[d].time=now
The router iterates over all addresses included in the distance vector. If the distance vector contains an address that the router does not
know, it inserts the destination inside its routing table via link l and at a distance which is the sum between the distance indicated in the
distance vector and the cost associated to link l. If the destination was already known by the router, it only updates the corresponding
entry in its routing table if either :
 the cost of the new route is smaller than the cost of the already known route ( (V[d].cost+l.cost) < R[d].cost)
 the new route was learned over the same link as the current best route towards this destination ( R[d].link == l)
The first condition ensures that the router discovers the shortest path towards each destination. The second condition is used to take into
account the changes of routes that may occur after a link failure or a change of the metric associated to a link.
To understand the operation of a distance vector protocol, let us consider the network of five routers shown below.
Operation of distance vector routing in a simple network
Assume that A is the first to send its distance vector [A=0].
 B and D process the received distance vector and update their routing table with a route towards A.
 D sends its distance vector [D=0,A=1] to A and E. E can now reach A and D.
 C sends its distance vector [C=0] to B and E
 E sends its distance vector [E=0,D=1,A=2,C=1] to D, B and C. B can now reach A, C, D and E
 B sends its distance vector [B=0,A=1,C=1,D=2,E=1] to A, C and E. A, B, C and E can now reach all destinations.
 A sends its distance vector [A=0,B=1,C=2,D=1,E=2] to B and D.
At this point, all routers can reach all other routers in the network thanks to the routing tables shown in the figure below.
Routing tables computed by distance vector in a simple network
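The walkthrough above, replayed in code as an added example (not part of the original notes). The link list is inferred from which routers receive each vector in the text and unit link costs are assumed; a link is identified by the neighbour's name.

```python
# Added example: distance vector routing on the five-router network of the walkthrough.
# Assumptions: LINKS is inferred from the text (the figure is not available),
# every link has cost 1, and a "link" is named after the neighbour it leads to.

LINKS = [("A", "B"), ("A", "D"), ("B", "C"), ("B", "E"), ("C", "E"), ("D", "E")]
LINK_COST = 1
ORDER = ["A", "D", "C", "E", "B", "A"]  # order in which routers send in the text


class Router:
    def __init__(self, name):
        self.name = name
        # R[d] = outgoing link, total cost, time of the last vector containing d
        self.R = {name: {"link": None, "cost": 0, "time": 0}}

    def vector(self):
        """Distance vector: destination -> cost, summarised from the routing table."""
        return {d: entry["cost"] for d, entry in self.R.items()}

    def received(self, V, l, now, l_cost=LINK_COST):
        """Process vector V received over link l, following the page's pseudo-code."""
        for d, cost in V.items():
            new_cost = cost + l_cost
            if d not in self.R:
                # new route
                self.R[d] = {"link": l, "cost": new_cost, "time": now}
            elif new_cost < self.R[d]["cost"] or self.R[d]["link"] == l:
                # better route, or an update from the current next hop
                self.R[d] = {"link": l, "cost": new_cost, "time": now}


def neighbours(name):
    return sorted(b if a == name else a for a, b in LINKS if name in (a, b))


def run(order):
    """Let routers send their vectors in the given order; return tables and sent vectors."""
    routers = {n: Router(n) for n in "ABCDE"}
    sent = []
    for now, sender in enumerate(order, start=1):
        v = routers[sender].vector()
        sent.append((sender, v))
        for n in neighbours(sender):
            routers[n].received(v, sender, now)
    return routers, sent


if __name__ == "__main__":
    routers, sent = run(ORDER)
    for sender, v in sent:
        print(sender, "sends", v)
    for name, r in sorted(routers.items()):
        print(name, {d: (e["link"], e["cost"]) for d, e in sorted(r.R.items())})
    # Second condition of the update rule: D reaches B through A, so when A
    # advertises a worse cost for B, D follows it although the route got longer.
    routers["D"].received({"B": 4}, "A", now=7)
    print("D -> B after A's update:", routers["D"].R["B"])
```

The second condition means a router accepts whatever its current next hop advertises, which is the "road sign" trust described earlier in this chapter.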
Link State Routing
Link state routing is the second family of routing protocols. While distance vector routers use a distributed algorithm to compute their
routing tables, link-state routers exchange messages to allow each router to learn the entire network topology. Based on this learned
topology, each router is then able to compute its routing table by using a shortest path computation [Dijkstra1959].
For link-state routing, a network is modelled as a directed weighted graph. Each router is a node, and the links between routers are the
edges in the graph. A positive weight is associated to each directed edge and routers use the shortest path to reach each destination. In
practice, different types of weight can be associated to each directed edge :
 unit weight. If all links have a unit weight, shortest path routing prefers the paths with the least number of intermediate routers.
 weight proportional to the propagation delay on the link. If all link weights are configured this way, shortest path routing uses
the paths with the smallest propagation delay.
 where C is a constant larger than the highest link bandwidth in the network. If all link weights are
configured this way, shortest path routing prefers higher bandwidth paths over lower bandwidth paths
Usually, the same weight is associated to the two directed edges that correspond to a physical link (i.e. and ).
However, nothing in the link state protocols requires this. For example, if the weight is set in function of the link bandwidth, then an
asymmetric ADSL link could have a different weight for the upstream and downstream directions. Other variants are possible. Some
networks use optimisation algorithms to find the best set of weights to minimize congestion inside the network for a given traffic
demand [FRT2002].
When a link-state router boots, it first needs to discover to which routers it is directly connected. For this, each router sends a HELLO
message every N seconds on all of its interfaces. This message contains the router’s address. Each router has a unique address. As its
neighbouring routers also send HELLO messages, the router automatically discovers to which neighbours it is connected. These HELLO
messages are only sent to neighbours who are directly connected to a router, and a router never forwards the HELLO messages that it
receives. HELLO messages are also used to detect link and router failures. A link is considered to have failed if no HELLO message has been
received from the neighbouring router for a period of seconds.
The exchange of HELLO messages
Once a router has discovered its neighbours, it must reliably distribute its local links to all routers in the network to allow them to compute
their local view of the network topology. For this, each router builds a link-state packet (LSP) containing the following information :
 LSP.Router : identification (address) of the sender of the LSP
 LSP.age : age or remaining lifetime of the LSP
 LSP.seq : sequence number of the LSP
 LSP.Links[] : links advertised in the LSP. Each directed link is represented with the following information :
   - LSP.Links[i].Id : identification of the neighbour
   - LSP.Links[i].cost : cost of the link
These LSPs must be reliably distributed inside the network without using the router’s routing table since these tables can only be computed
once the LSPs have been received. The Flooding algorithm is used to efficiently distribute the LSPs of all routers. Each router that
implements flooding maintains a link state database (LSDB) containing the most recent LSP sent by each router. When a router receives
an LSP, it first verifies whether this LSP is already stored inside its LSDB. If so, the router has already distributed the LSP earlier and it does
not need to forward it. Otherwise, the router forwards the LSP on all links except the link over which the LSP was received. Flooding can
be implemented by using the following pseudo-code.
# links is the set of all links on the router
# Router R's LSP arrival on link l
if newer(LSP, LSDB(LSP.Router)) :
    LSDB.add(LSP)
    for i in links :
        if i!=l :
            send(LSP,i)
else:
    # LSP has already been flooded
    pass
In this pseudo-code, LSDB(r) returns the most recent LSP originating from router r that is stored in the LSDB. newer(lsp1,lsp2) returns true
if lsp1 is more recent than lsp2. See the note below for a discussion on how newer can be implemented.
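The flooding rule and the shortest path computation described above, combined in an added example (not code from the original notes). The topology and costs are constructed, and newer() is assumed to compare sequence numbers only, ignoring LSP.age.

```python
# Added example: LSP flooding into every router's LSDB, then Dijkstra over the LSDB.
import heapq
from collections import deque

# Constructed topology (assumption): six bidirectional links, unit cost each.
LINKS = {("A", "B"): 1, ("A", "D"): 1, ("B", "C"): 1,
         ("B", "E"): 1, ("C", "E"): 1, ("D", "E"): 1}


class LSRouter:
    def __init__(self, name):
        self.name = name
        self.links = {}   # neighbour -> cost, as learned from the HELLO exchange
        self.lsdb = {}    # LSP.Router -> most recent LSP from that router
        self.seq = 0

    def build_lsp(self):
        """Originate a new LSP describing this router's directly connected links."""
        self.seq += 1
        return {"Router": self.name, "seq": self.seq, "Links": dict(self.links)}


def build_network(links):
    routers = {}
    for (a, b), cost in links.items():
        for x, y in ((a, b), (b, a)):
            routers.setdefault(x, LSRouter(x)).links[y] = cost
    return routers


def newer(lsp, stored):
    # Assumption: "more recent" means a strictly higher sequence number.
    return stored is None or lsp["seq"] > stored["seq"]


def flood(routers, origin, lsp):
    """Flood lsp starting at origin; return the number of link transmissions."""
    sent = 0
    queue = deque([(origin, None, lsp)])  # (receiving router, arrival link, LSP)
    while queue:
        at, arrival, lsp = queue.popleft()
        router = routers[at]
        if not newer(lsp, router.lsdb.get(lsp["Router"])):
            continue  # LSP has already been flooded
        router.lsdb[lsp["Router"]] = lsp
        for i in router.links:
            if i != arrival:
                sent += 1
                queue.append((i, at, lsp))
    return sent


def converge(routers):
    """Every router originates one LSP; return total transmissions."""
    return sum(flood(routers, name, r.build_lsp()) for name, r in routers.items())


def spf(lsdb, source):
    """Dijkstra over the graph in the LSDB: destination -> (cost, first hop)."""
    best = {}
    heap = [(0, source, None)]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, first)
        for nbr, weight in lsdb.get(node, {"Links": {}})["Links"].items():
            if nbr not in best:
                heapq.heappush(heap, (cost + weight, nbr, first or nbr))
    return best


if __name__ == "__main__":
    routers = build_network(LINKS)
    print("transmissions for initial flooding:", converge(routers))
    print("A's routes:", spf(routers["A"].lsdb, "A"))
    # Event-driven update: the A-B link cost rises to 5 in both directions.
    routers["A"].links["B"] = routers["B"].links["A"] = 5
    for name in ("A", "B"):
        flood(routers, name, routers[name].build_lsp())
    print("A's routes after the change:", spf(routers["A"].lsdb, "A"))
```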
ARP
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that
is recognized in the local network. For example, in IP Version 4, the most common level of IP in use today, an address is 32 bits long. In
an Ethernet local area network, however, addresses for attached devices are 48 bits long. (The physical machine address is also known as
a Media Access Control or MAC address.) A table, usually called the ARP cache, is used to maintain a correlation between each MAC
address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion
in both directions.
How ARP Works
ARP operates at Layer 2 in the OSI model. Protocol support is implemented in the device drivers of network operating
systems. Internet RFC 826 documents technical details of the protocol including its packet format and the workings of request and
response messages.
ARP works on modern Ethernet and Wi-Fi networks as follows:
 Network adapters are produced with a physical address embedded in the hardware called the Media Access Control
(MAC) address. Manufacturers take care to ensure these 6-byte (48-bit) addresses are unique, as IP relies on these unique
identifiers for message delivery.
 When any device wishes to send data to another target device, it must first determine the MAC address of that target given its
IP address. These IP-to-MAC address mappings are derived from an ARP cache maintained on each device.
 If the given IP address does not appear in a device's cache, that device cannot direct messages to that target until it obtains a
new mapping. To do this, the initiating device first sends an ARP request broadcast message on the local subnet. The host with
the given IP address sends an ARP reply in response to the broadcast, allowing the initiating device to update its cache and proceed
to deliver messages directly to the target.
Inverse ARP and Reverse ARP
A network protocol called RARP (Reverse ARP) was also developed in the 1980s to complement ARP. As its name implies, RARP performed
the opposite function of ARP, converting from physical network addresses to the IP addresses assigned to those devices. RARP was made
obsolete by DHCP and is no longer used.
A separate protocol called Inverse ARP also supports the reverse address mapping function. Inverse ARP is not used on Ethernet or Wi-Fi
networks either although it can sometimes be found on other types.
RARP
RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP
address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area
network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet
Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP
address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can
store it for future use.
IP
The Internet Protocol (IP) is the method or protocol by which data is sent from one computer to another on the Internet. Each computer
(known as a host) on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet.
When you send or receive data (for example, an e-mail note or a Web page), the message gets divided into little chunks called packets.
Each of these packets contains both the sender's Internet address and the receiver's address. Any packet is sent first to
a gateway computer that understands a small part of the Internet. The gateway computer reads the destination address and forwards the
packet to an adjacent gateway that in turn reads the destination address and so forth across the Internet until one gateway recognizes
the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to
the computer whose address is specified.
Because a message is divided into a number of packets, each packet can, if necessary, be sent by a different route across the Internet.
Packets can arrive in a different order than the order they were sent in. The Internet Protocol just delivers them. It's up to another protocol,
the Transmission Control Protocol (TCP), to put them back in the right order.
IP is a connectionless protocol, which means that there is no continuing connection between the end points that are communicating. Each
packet that travels through the Internet is treated as an independent unit of data without any relation to any other unit of data. (The
reason the packets do get put in the right order is because of TCP, the connection-oriented protocol that keeps track of the packet
sequence in a message.) In the Open Systems Interconnection (OSI) communication model, IP is in layer 3, the Networking Layer.
The most widely used version of IP today is Internet Protocol Version 4 (IPv4). However, IP Version 6 (IPv6) is also beginning to be
supported. IPv6 provides for much longer addresses and therefore for the possibility of many more Internet users. IPv6 includes the
capabilities of IPv4 and any server that can support IPv6 packets can also support IPv4 packets.
ICMP
ICMP (Internet Control Message Protocol) is an error-reporting protocol that network devices like routers use to generate error messages to
the source IP address when network problems prevent delivery of IP packets. ICMP creates and sends messages to the source IP address
indicating that a gateway to the Internet, a router, service or host cannot be reached for packet delivery. Any IP network device has
the capability to send, receive or process ICMP messages.
ICMP is not a transport protocol that sends data between systems.
While ICMP is not used regularly in end-user applications, it is used by network administrators to troubleshoot Internet connections in
diagnostic utilities including ping and traceroute.
One of the main protocols of the Internet Protocol suite, ICMP is used by routers, intermediary devices or hosts to communicate error
information or updates to other routers, intermediary devices or hosts. The widely used IPv4 (Internet Protocol version 4) and the
newer IPv6 use similar versions of the ICMP protocol (ICMPv4 and ICMPv6, respectively).
ICMP messages are transmitted as datagrams and consist of an IP header that encapsulates the ICMP data. ICMP packets are IP packets
with ICMP in the IP data portion. ICMP messages also contain the entire IP header from the original message, so the end system knows
which packet failed.
The ICMP header appears after the IPv4 or IPv6 packet header and is identified as IP protocol number 1. The complex protocol contains
three fields:
The Internet Control Message Protocol (ICMP) [RFC792] is a classic example of a client server application. The ICMP server executes
on all IP end system computers and all IP intermediate systems (i.e. routers). The protocol is used to report problems with delivery of IP
datagrams within an IP network. It can be used to show when a particular End System (ES) is not responding, when an IP network is not
reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The protocol is also frequently used by
Internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the
specified destination address.
ICMP messages generated by router R1, in response to message sent by H0 to
H1 and forwarded by R0. This message could, for instance be generated if
the MTU of the link between R0 and R1 was smaller than size of the IP packet,
and the packet had the Don't Fragment (DF) bit set in the IP packet header.
The ICMP message is returned to H0, since this is the source address specified
in the IP packet that suffered the problem. A modern version of Path MTU
Discovery provides a mechanism to verify the Path MTU [RFC4821].
An ICMP message consisting of 4 bytes of PCI and an optional message
payload.
The format of an ICMP message is shown above. The 8-bit type code identifies
the types of message. This is followed by at least the first 28 bytes of the
packet that resulted in generation of the error message (i.e. the network-layer
header and first 8 bytes of transport header). This payload is, for instance used
by a sender that receives the ICMP message to perform Path MTU
Discovery so that it may determine IP destination address of the packet that
resulted in the error. Longer payloads are also encouraged (which can help
better identify the reason why the ICMP message was generated and which
program generated the original packet).
The figure below shows the encapsulation of ICMP over an Ethernet LAN using
an IP network layer header, and a MAC link layer header and trailer containing
the 32-bit checksum:
Encapsulation for a complete ICMP packet (not showing
the Ethernet preamble)
It is the responsibility of the network layer (IP) protocol to ensure that the
ICMP message is sent to the correct destination. This is achieved by setting
the destination address of the IP packet carrying the ICMP message. The
source address is set to the address of the computer that generated the IP
packet (carried in the IP source address field) and the IP protocol type is set
to "ICMP" to indicate that the packet is to be handled by the remote end
system's ICMP client interface.
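The message format and the DF / Path MTU case described above, as an added example (not part of the original notes): a parser for an ICMP "fragmentation needed" error that verifies the checksum, extracts the embedded original header, and accepts the MTU hint only when the embedded packet matches a flow the host actually sent. The layout follows RFC 792 with the next-hop MTU field of RFC 1191 (type 3, code 4, four bytes between the checksum and the embedded packet); the addresses, ports and the FLOWS table are constructed.

```python
# Added example: parse and sanity-check an ICMP "fragmentation needed" error.
import ipaddress
import struct

H0, H1 = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses
FLOWS = {(H0, H1, 6, 49152, 443)}         # constructed: flows this host has open


def inet_checksum(data):
    """16-bit one's-complement Internet checksum used by IPv4 and ICMP."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_message(dport=443, mtu=1400):
    """Constructed error as R1 would return it to H0: ICMP header + IP header + 8 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(H0).packed, ipaddress.IPv4Address(H1).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    tcp8 = struct.pack("!HHI", 49152, dport, 1)          # ports + sequence number
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + tcp8
    return icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]


def parse_icmp_error(msg):
    """Return the fields of an ICMP error and of the packet that triggered it."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + IP header + 8 bytes")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    inner = msg[8:]
    if inner[0] >> 4 != 4:
        raise ValueError("embedded packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded header truncated")
    flags_frag = struct.unpack("!H", inner[6:8])[0]
    proto = inner[9]
    sport = dport = None
    if proto in (6, 17):                                  # TCP or UDP carry ports first
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "next_hop_mtu": mtu,
            "src": str(ipaddress.IPv4Address(inner[12:16])),
            "dst": str(ipaddress.IPv4Address(inner[16:20])),
            "proto": proto, "df": bool(flags_frag & 0x4000),
            "sport": sport, "dport": dport}


def accept_pmtu(err, flows, current_mtu=1500):
    """Return the new path MTU, or None if the error should be ignored."""
    if (err["type"], err["code"]) != (3, 4) or not err["df"]:
        return None
    key = (err["src"], err["dst"], err["proto"], err["sport"], err["dport"])
    if key not in flows:
        return None            # embedded packet is not one of ours
    if not 68 <= err["next_hop_mtu"] < current_mtu:
        return None            # below the IPv4 minimum, or not a reduction
    return err["next_hop_mtu"]


if __name__ == "__main__":
    err = parse_icmp_error(sample_message())
    print(err, "->", accept_pmtu(err, FLOWS))
```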
 Floyd Warshall algorithm
Address Resolution Protocol (ARP)
While communicating, a host needs Layer-2 (MAC) address of the destination
machine which belongs to the same broadcast domain or network. A MAC
address is physically burnt into the Network Interface Card (NIC) of a machine
and it never changes.
On the other hand, IP address on the public domain is rarely changed. If the
NIC is changed in case of some fault, the MAC address also changes. This way,
for Layer-2 communication to take place, a mapping between the two is
required.
[Figure panels: Unicast routing, Broadcast routing, Multicast routing, Anycast routing]
To know the MAC address of remote host on a broadcast domain, a computer wishing to initiate communication sends out an ARP
broadcast message asking, “Who has this IP address?” Because it is a broadcast, all hosts on the network segment (broadcast domain)
receive this packet and process it. ARP packet contains the IP address of destination host, the sending host wishes to talk to. When a host
receives an ARP packet destined to it, it replies back with its own MAC address.
Once the host gets destination MAC address, it can communicate with remote host using Layer-2 link protocol. This MAC to IP mapping
is saved into ARP cache of both sending and receiving hosts. Next time, if they require to communicate, they can directly refer to their
respective ARP cache.
Reverse ARP is a mechanism where host knows the MAC address of remote host but requires to know IP address to communicate.
Internet Control Message Protocol (ICMP)
ICMP is a network diagnostic and error reporting protocol. ICMP belongs to the IP protocol suite and uses IP as its carrier protocol. After
an ICMP packet is constructed, it is encapsulated in an IP packet. Because IP itself is a best-effort non-reliable protocol, so is ICMP.
Any feedback about network is sent back to the originating host. If some error in the network occurs, it is reported by means of ICMP.
ICMP contains dozens of diagnostic and error reporting messages.
ICMP-echo and ICMP-echo-reply are the most commonly used ICMP messages to check the reachability of end-to-end hosts. When a
host receives an ICMP-echo request, it is bound to send back an ICMP-echo-reply. If there is any problem in the transit network, the
ICMP will report that problem.
Internet Protocol Version 4 (IPv4)
IPv4 is a 32-bit addressing scheme used as the TCP/IP host addressing mechanism. IP addressing enables every host on the TCP/IP network to
be uniquely identifiable.
IPv4 provides hierarchical addressing scheme which enables it to divide the network into sub-networks, each with well-defined number
of hosts. IP addresses are divided into many categories:
 Class A - it uses first octet for network addresses and last three octets for host addressing
 Class B - it uses first two octets for network addresses and last two for host addressing
 Class C - it uses first three octets for network addresses and last one for host addressing
 Class D - it provides flat IP addressing scheme in contrast to hierarchical structure for above three.
 Class E - It is used as experimental.
IPv4 also has well-defined address spaces to be used as private addresses (not routable on internet), and public addresses (provided by
ISPs and are routable on internet).

network layer

  • 1. Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai 1 Layer-3 in the OSI model is called Network layer. Network layer manages options pertaining to host and network addressing, managing sub-networks, and internetworking. Network layer takes the responsibility for routing packets from source to destination within or outside a subnet. Two different subnet may have different addressing schemes ornon-compatible addressing types. Same with protocols, two different subnet may be operating on different protocols which are not compatible with each other. Network layer has the responsibility to route the packets from source to destination, mapping different addressing schemes and protocols. Network Layer Functions Devices which work on Network Layer mainly focus on routing. Routing may include various tasks aimed to achieve a single goal. These can be:  Addressing devices and networks.  Populating routing tables or static routes.  Queuing incoming and outgoing data and then forwarding them according to quality of service constraints set for those packets.  Internetworking between two different subnets.  Delivering packets to destination with best efforts.  Provides connection oriented and connection less mechanism. Network Layer Features With its standard functionalities, Layer 3 can provide various features as:  Quality of service management  Load balancing and link management  Security  Interrelation of different protocols and subnets with different schema.  Different logical network design over the physical network design.  L3 VPN and tunnels can be used to provide end to end dedicated connectivity.  helps to communicate end to end devices over the internet. It comes in two flavors. Layer 3 network addressing is one of the major tasks of Network Layer. Network Addresses are always logical i.e. these are software based addresses which can be changed by appropriate configurations. 
A network address always points to host / node / server or it can represent a whole network. Network address is always c onfigured on network interface card and is generally mapped by system with the MAC address (hardware address or layer-2 address) of the machine for Layer-2 communication. There are different kinds of network addresses in existence:  IP  IPX  AppleTalk IP addressing provides mechanism to differentiate between hosts and network. Because IP addresses are assigned in hierarchical manner, a host always resides under a specific network. The host which needs to communicate outside its subnet, needs to know destination network address, where the packet/data is to be sent. Hosts in different subnet need a mechanism to locate each other. This task can be done by DNS. DNS is a server which provides Layer-3 address of remote host mapped with its domain name or FQDN. When a host acquires the Layer-3 Address (IP Address) of the remote host, it forwards all its packet to its gateway. A gateway is a router equipped with all the information which leads to route packets to the destination host. Routers take help of routing tables, which has the following information: -  Method to reach the network  Routers upon receiving a forwarding request, forwards packet to its next hop (adjacent router) towards the destination.  The next router on the path follows the same thing and eventually the data packet reaches its destination. 4.1 Networking & Devices : Repeaters, Hubs, Bridges, Switches, Router, Gateway # Repeaters A network device used to regenerate or replicate a signal.Repeaters are used in transmission systems to regenerate analog or digital signals distorted by transmission loss. Analog repeaters frequently can only amplify the signal while digital repeaters can reconstruct a signal to near its original quality. In a data network, a repeater can relay messages between subnetworks that use different protocols or cable types. 
Hubs can operate as repeaters by relaying messages to all connected computers. A repeater cannot do the intelligent routing performed by bridges and routers. A repeater does exactly that- it repeats any electrical signals that come into one port, out its other port. (there are only 2 ports on a repeater). It is a very “dumb” device (no offense to any of you repeaters out there). Example :-
  • 2. Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai 2  In a wireless communications system,arepeaterconsists of aradio receiver,an amplifier,atransmitter,an isolator,and two antennas. The transmitter produces a signal on a frequency that differs from the received signal. This so-called frequency offset is necessary to prevent the strong transmitted signal from disabling the receiver. The isolator provides additional protection in this respect. A repeater, when strategically located on top of a high building or a mountain, can greatly enhance the performance of a wireless network by allowing communications over distances much greater than would be possible without it.  In satellite wireless,arepeater (more frequently called a transponder) receives uplink signals and retransmits them, often on different frequencies, to destination locations.  In a cellular telephone system, a repeater is one of a group of transceivers in a geographic area that collectively serve a system user.  In a fiber optic network, a repeater consists of a photocell, an amplifier, and a light-emitting diode (LED) or infrared-emitting diode (IRED) for each light or IR signal that requires amplification. Fiber optic repeaters operate at power levels much lower than wireless repeaters, and are also much simpler and cheaper. However, their design requires careful attention to ensure that internal circuit noise is minimized. Repeaters are commonly used by commercial and amateur radio operators to extend signals in the radio frequency range from one receiver to another. These consist of drop repeaters, similar to the cells in cellular radio, and hub repeaters, which receive and retransmit signals from and to a number of directions. A bus repeater links one computer bus to a bus in another computer chassis, essentially chaining one computer to another. # HUB Hubs are very similar to repeaters. A Hub is essentially a multiport repeater. 
Any electrical signal that comes into one port, goes out all other ports. Again, a very dumb device. - fundamentally used in networks that use twisted pair cabling to connect devices. - Act as pathways to direct electrical signals to travel along. They transmit the information regardless of the fact if data packet is destined for the device connected or not. Hub Categories: *Active Hub: They split and amplify the signal. The are a bit like the hubs in Ethernet. Unused ports on an Active Hub do not need termination, although it is advised to terminate them. The active hubs provide electrical isolation at each port. They feature problem detection and segment partitioning, so only the segment on that port will be affected by problems of one of the attached devices to that segment.. Active hubs are also termed as ‘repeaters’. *Passive Hub: They just split the signal, which means if it is a four port hub, every port gets 1/3 of the signal (one port was incoming). Unused ports on an Passive Hub do need termination. A Passive Hub is a small box with 4 BNC connectors and an internal resistor network. # Switches Switches are the linkagepoints of an Ethernet network. Just as in hub,devices in switches are connected to them through twisted pair cabling. But the difference shows up in the manner both the devices; hub and a switch treat the data they receive. Hub works by sending the data to all the ports on the device whereas a switch transfers it only to that port which is connected to the destination device. Switches operate in full-duplex mode where devices can send and receive data from the switch at the simultaneously unlike in half-duplex mode. The transmission speed in switches is double than in Ethernet hub transferring a 20Mbps connection into 30Mbps and a 200Mbps connection to become
  • 3. Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai 3 300Mbps. Performance improvements are observed in networking with the extensive usage of switches in the modern days. # Bridges A bridge is a computer networking device that builds the connection with the other bridge networks which use the same protocol. It works at the Data Link layer of the OSI Model and connects the different networks together and develops communication between them. It connects two local-area networks; two physical LANs into larger logical LAN or two segments of the same LAN that use the same protocol. Apart from buildingup larger networks, bridges are also used to segment larger networks into smaller portions. The bridge does so by placing itself between the two portions of two physical networks and controlling the flow of the data between them. Bridges nominate to forward the data after inspecting into the MAC address of the devices connected to every segment. The forwarding of the data is dependent on the acknowledgement of the fact that the destination address resides on some other interface. It has the capacity to block the incoming flow of data as well. Types of Bridges: There are mainly three types in which bridges can be characterized:  Transparent Bridge: As the name signifies, it appears to be transparent for the other devices on the network. The other devices are ignorant of its existence. It only blocks or forwards the data as per the MAC address.  Source Route Bridge: It derives its name from the fact that the path which packet takes through the network is implanted within the packet. It is mainly used in Token ring networks.  Translational Bridge: The process of conversion takes place via Translational Bridge. It converts the data format of one networking to another. For instance Token ring to Ethernet and vice versa. Switches superseding Bridges: Ethernet switches are seen to be gaining trend as compared to bridges. 
They are succeeding on the accountof provision of logical divisions and segments in the networking field. Infact switches are being referred to as multi-port bridges because of their advanced functionality # Routers Routers are network layer devices and are particularly identified as Layer- 3 devices of the OSI Model. They process logical addressing information in the Network header of a packet such as IP Addresses. Router is used to create larger complex networks by complex traffic routing. It has the ability to connect dissimilar LANs on the same protocol. It also has the ability to limit the flow of broadcasts. A router primarily comprises of a hardware device or a system of the computer which has more than one network interface and routing software. Functionality: When a router receives the data, it determines the destination address by reading the header of the packet. Once the address is determined, it searches in its routing table to get know how to reach the destination and then forwards the packet to the higher hop on the route. The hop could be the final destination or another router. Routing tables play a very pivotal role in letting the router makes a decision. Thus a routing table is ought to be updated and complete. The two ways through which a router can receive information are:  Static Routing: In static routing, the routing information is fed into the routing tables manually. It does not only become a time-taking task but gets prone to errors as well. The manual updating is also required in case of statically configured routers when change in the topology of the network or in the layout takes place. Thus static routing is feasible for tinniest environments with minimum of one or two routers.  Dynamic Routing: For larger environment dynamic routing proves to be the practical solution. The process involves use of peculiar routing protocols to hold Fig. Switch Fig. Bridge Fig. Router
  • 4. Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai 4 communication. The purpose of these protocols is to enable the other routers to transfer information about to other routers, so that the other routers can build their own routing tables. # Gateways Gateway is a device which is used to connect multiple networks and passes packets from one packet to the other network. Acting as the ‘gateway’ between different networking systems orcomputer programs, a gateway is a device which forms a link between them. It allows the computer programs, either on the same computer or on different computers to share information across the network through protocols. A router is also a gateway, since it interprets data from one network protocol to another. Others such as bridge converts the data into different forms between two networking systems. Then a software application converts the data from one format into another. Gateway is a workable tool to translate the data format, although the data itself remains unchanged. 4.2 Addressing : Internet Address, Classful Address An Internet address uniquely identifies a node on the Internet. Internet address may also refer to the name or IP of a Web site (URL). The term Internet address can also represent someone's e-mail address. In classless addressing variable-length blocks are assigned that belong to no class. In this architecture, the entire address space (232 addresses) is divided into blocks of different sizes. Classful is based on the default Class A,B or C networks. All devices in the same routing domain must use the same subnet mask. Since routers running a classful routing protocol do not include subnet mask information with routing updates, the router assumes either its own subnet mask, or defaults to the classful subnet mask. Classless on the other hand, allows the use of variable length subnet masks, or Variable-Length Subnet Masking (VLSM), because subnet mask information is included with routing updates. 
You can have a mixture of different subnet masks in the same routing domain: - 10.1.0.0/19,10.2.0.0/20,172.16.8.0/21,172.16.16.0/24 Classful addressing: - In the classful addressing system all the IP addresses that are available are divided into the five classes A,B,C,D and E, in which class A,B and C address are frequently used because class D is for Multicast and is rarely used and class E is reserved and is not currently used. - Each of the IP address belongs to a particular class that's why they are classful addresses. - Earlier this addressing system did not have any name, but when classless addressing system came into existence then it is named as Classful addressing system. - The main disadvantage of classful addressing is that it limited the flexibility and number of addresses that can be assigned to any device. - One of the major disadvantage of classful addressing is that it does not send subnet information but it will send the complete network address. The router will supply its own subnet mask based on its locally configured subnets. As long as you have the same subnet mask and the network is contiguous, you can use subnets of a classful network address. Host IP address - the hostID portion of an IP address,is theportion of the address used to identify hosts (any device requiring a Network Interface Card, such as a PC or networked printer) on the network. e.g. ip add 192.168.100.2 and subnet mask 255.255.255.0 now 192.168.100.X is network id which is used to identify from which network u belongs to and x is host id which is uniquefor ev ery nodeon network
  • 5. Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai 5 Table 43: IP Address Classes and Class Characteristics and Uses IP Address Class Fraction of Total IP Address Space n = Number Of Network ID Bits p = Number Of Host ID Bits IP Range Intended Use Class A 1/2 8 24 0-127 Unicast addressing for very large organizations with hundreds of thousands or millions of hosts to connect to the Internet. Class B 1/4 16 16 128-191 Unicast addressing for medium-to-large organizations with many hundreds to thousands of hosts to connect to the Internet. Class C 1/8 24 8 192-223 Unicast addressing for smaller organizations with no more than about 250 hosts to connect to the Internet. Class D 1/16 n/a n/a 224-239 IP multicasting. Class E 1/16 n/a n/a 240-255 Reserved for “experimental use”. Class Starting Bits (fixed to m bits) Example Max Networks 2n-m Max Hosts 2p-2 Default subnet mask A 0 (m=1) 125.168.3.5 = 01111101.10101000.0000011.00000101 28 -1 = 126 224-2= 16,777,214 255.0.0.0 B 10 (m=2) 155.168.3.5 = 10011011.10101000.0000011.00000101 21 6 -2 = 16,384 21 6 -2=65,534 255.255.0.0 C 110 (m=3) 192.168.3.5 = 1100000.10101000.0000011.00000101 224-3 = 2,097,152 28 -2=254 255.255.255.0 D 1110 E 1111 4.3 Subnetting - Is a process of dividing large network into the smaller networks known as subnets based on layer 3 IP address. Every computer on network has an IP address that represent its location on network. Two version of IP addresses are available IPv4 and IPv6. Example :- Being a network administrator you are asked to create two networks, each will host 30 systems. Single class C IP range can fulfill this requirement, still you have to purchase 2 class C IP range, one for each network. Single class C range provides 256 total addresses and we need only 30 addresses, this will waste 226 addresses. These unused addresses would make additional route advertisements slowing down the network. 
In a /24 network you can'tuse 0 becauseitis theidentification of the network (devices use it to recognize the different networks they are connected to). The last address, 255 in the case of a /24 network, is the broadcast address. Devices connected to the network use it to send a broadcast, a message intended for all devices on the network. Advantage of Subnetting  Subnetting breaks large network in smaller networks and smaller networks are easier to manage.  Subnetting reduces network traffic by removing collision and broadcast traffic, that overall improve performance.  Subnetting allows you to apply network security polices at the interconnection between subnets.  Subnetting allows you to save money by reducing requirement for IP range. Subnet mask : Subnet mask is a 32 bits long address used to distinguish between network address and host address in IP address. Subnet mask is always used with IP address. Subnet mask has only one purpose, to identify which part of an IP address is network address and which part is host address. For example how will figure out network partition and host partition from IP address 192.168.1.10 ? Here we need subnet mask to get details about network address and host address.  In decimal notation subnet mask value 1 to 255 represent network address and value 0 [Zero] represent host address.  In binary notation subnet mask on bit [ 1] represent network address while off bit[0] represent host address.
  • 6. Chapter 4 : Network Layer Compiled By : Er. Jeewan Rai 6 Network ID : First address of subnet is called network ID. This address is used to identify one segment or broadcast domain from all the other segments in the network. Block Size : Block size is size of subnet including network address, hosts addresses and broadcast address. Broadcast ID : There are two types of broadcast, direct broadcast and full broadcast. (i)Direct broadcast : or local broadcast is the last address of subnet and can be hear by all hosts in subnet. (ii)Full broadcast : is the last address of IP classes and can be hear by all IP hosts in network. Full broadcast address is 255.255.255.255 The main difference between direct broadcast and full broadcast is that routers will notpropagate local broadcasts between segments, but they will propagate directed broadcasts. Host Addresses : All address between the network address and the directed broadcast address is called host address for the subnet. You can assign host addresses to any IP devices such as PCs, servers, routers, and switches. CIDR [ Classless Inter Domain Routing] CIDR is a slash notation of subnet mask. CIDR tells us number of on bits in a network address. o Class A has default subnet mask 255.0.0.0. that means first octet of the subnet mask has all on bits. In slash notation it would be written as /8, means address has 8 bits on. o Class B has default subnet mask 255.255.0.0.that means first two octets of the subnet mask have all on bits. In slash notation it would be written as /16, means address has 16 bits on. o Class C has default subnet mask 255.255.255.0.thatmeans first three octets of the subnet mask have all on bits. In slash notation it would be written as /24, means address has 24 bits on. 4.4 Routing : techniques, static vs dynamic routing, routing table for classful address Routing is the process of selecting a path for traffic in a network, or between or across multiple networks. 
Routing is performed for many types of networks, including circuit-switched networks, such as the public switched telephone network (PSTN), computer networks, such as the Internet, as well as in networks used in public and private transportation, such as the system of streets, roads, and highways in national infrastructure. In packet switching networks, routing is the higher-level decision making that directs network packets from their source toward their destination through intermediate network nodes by specific packet forwarding mechanisms. Packet forwarding is the transit of logically addressed network packets from one network interface to another. Intermediate nodes are typically network hardware devices such as routers, bridges, gateways, firewalls, or switches. General-purpose computers also forward packets and perform routing, although they have no specially optimized hardware for the task. The routing process usually directs forwarding on the basis of routing tables, which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a time. Multipath routing techniques enable the use of multiple alternative paths. Routing schemes differ in how they deliver messages:  Unicast delivers a message to a single specific node  Anycast delivers a message to anyone out of a group of nodes, typically the one nearest to the source  Multicast delivers a message to a group of nodes that have expressed interest in receiving the message  Geocast delivers a message to a geographic area  Broadcast delivers a message to all nodes in the network Static vs Dynamic routing Static routing manually sets up the optimal paths between the source and the destination computers. 
On the other hand, the dynamic routing uses dynamic protocols to update the routing table and to find the optimal path between the source and the destinatio n computers. • The routers that use the static routing algorithm do not have any controlling mechanism if any faults in the routing paths. These routers do not sense the faulty computers encountered while finding the path between two computers or routers in a network. The dynamic routing algorithms are used in the dynamic routers and these routers can sense a faulty router in the network. Also, the dynamic router eliminates the faulty router and finds out another possible optimal path from the source to the destination. If any router is down or faulty due to certain reasons, this fault is circulated in the entire network. Due to this quality of the dynamic routers, they are also called adaptive routers. • The static routing is suitable for very small networks and they cannot be used in large networks. As against this, dynamic routing is used for larger networks. The manual routing has no specific routing algorithm. The dynamic routers are based on various routing algorithms like OSPF (Open Shortest Path First), IGRP (Interior Gateway Routing Protocol) and RIP (Routing Information Protocol). • The static routing is the simplest way of routing the data packets from a source to a destination in a network. The dynamic routing uses complex algorithms for routing the data packets. • The static routing has the advantage that it requires minimal memory. Dynamic router, however, have quite a few memory overheads, depending on the routing algorithms used. • The network administrator finds out the optimal path and makes the changes in the routing table in the case of static routing. In the dynamic routing algorithm, the algorithm and the protocol is responsible for routing the packets and making the changes accordingly in the routing table. Static Routing
Static routing is not really a routing protocol. Static routing is simply the process of manually entering routes into a device's routing table via a configuration file that is loaded when the routing device starts up. As an alternative, these routes can be entered by a network administrator who configures the routes manually. Since these manually configured routes don't change after they are configured (unless a human changes them) they are called 'static' routes.
Static routing is the simplest form of routing, but it is a manual process. Use static routing when you have very few devices to configure (<5) and when you know the routes will probably never change. Static routing also does not handle failures in external networks well because any route that is configured manually must be updated or reconfigured manually to fix or repair any lost connectivity.
Dynamic Routing
Dynamic routing protocols are supported by software applications running on the routing device (the router) which dynamically learn network destinations and how to get to them and also advertise those destinations to other routers. This advertisement function allows all the routers to learn about all the destination networks that exist and how to reach those networks.
A router using dynamic routing will 'learn' the routes to all networks that are directly connected to the device. Next, the router will learn routes from other routers that run the same routing protocol (RIP, RIP2, EIGRP, OSPF, IS-IS, BGP etc). Each router will then sort through its list of routes and select one or more 'best' routes for each network destination the router knows or has learned.
Dynamic routing protocols will then distribute this 'best route' information to other routers running the same routing protocol, thereby extending the information on what networks exist and can be reached.
This gives dynamic routing protocols the ability to adapt to logical network topology changes, equipment failures or network outages 'on the fly'.
Static Routing:
- Manually set up route.
- Stable. No impact of traffic and transmission failures
Dynamic Routing:
- Route setting is automatic
- Responds to the changes of the network
- Optimized route is selected automatically.
Routing Table
A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.
A basic routing table includes the following information:
 Destination: The IP address of the packet's final destination
 Next hop: The IP address to which the packet is forwarded
 Interface: The outgoing network interface the device should use when forwarding the packet to the next hop or final destination
 Metric: Assigns a cost to each available route so that the most cost-effective path can be chosen
 Routes: Includes directly-attached subnets, indirect subnets that are not attached to the device but can be accessed through one or more hops, and default routes to use for certain types of traffic or when information is lacking.
The routing table consists of at least three information fields:
1. the network id: i.e. the destination subnet
2. cost/metric: i.e. the cost or metric of the path through which the packet is to be sent
3. next hop: The next hop, or gateway, is the address of the next station to which the packet is to be sent on the way to its final destination
Depending on the application and implementation, it can also contain additional values that refine path selection:
1. quality of service associated with the route. For example, the U flag indicates that an IP route is up.
2. links to filtering criteria/access lists associated with the route
3. interface: such as eth0 for the first Ethernet card, eth1 for the second Ethernet card, etc.
Routing tables are also a key aspect of certain security operations, such as unicast reverse path forwarding (uRPF).[2] In this technique, which has several variants, the router also looks up, in the routing table, the source address of the packet. If there exists no route back to the source address, the packet is assumed to be malformed or involved in a network attack, and is dropped.
    Network id   Cost       Next hop
    ........     ........   ........
    ........     ........   ........
Shown below is an example of what the table above could look like on an average computer connected to the internet via a home router:
    Network Destination   Netmask           Gateway         Interface       Metric
    0.0.0.0               0.0.0.0           192.168.0.1     192.168.0.100   10
    127.0.0.0             255.0.0.0         127.0.0.1       127.0.0.1       1
    192.168.0.0           255.255.255.0     192.168.0.100   192.168.0.100   10
    192.168.0.100         255.255.255.255   127.0.0.1       127.0.0.1       10
    192.168.0.1           255.255.255.255   192.168.0.100   192.168.0.100   10
 The columns Network Destination and Netmask together describe the Network id as mentioned earlier. For example, destination 192.168.0.0 and netmask 255.255.255.0 can be written as network id 192.168.0.0/24.
 The Gateway column contains the same information as the Next hop, i.e. it points to the gateway through which the network can be reached.
 The Interface indicates what locally available interface is responsible for reaching the gateway. In this example, gateway 192.168.0.1 (the internet router) can be reached through the local network card with address 192.168.0.100.
 Finally, the Metric indicates the associated cost of using the indicated route. This is useful for determining the efficiency of a certain route from two points in a network. In this example, it is more efficient to communicate with the computer itself through the use of address 127.0.0.1 (called “localhost”) than it would be through 192.168.0.100 (the IP address of the local network card).
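
The table lookup and the uRPF check described above, as an added Python example that is not part of the original notes. HOME_TABLE is the home-PC table shown above; ROUTER_TABLE, the interface names eth0/eth1, the strict/loose switch and the allow_default parameter are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int


def make_table(rows):
    """Build routes from (destination, netmask, gateway, interface, metric) rows."""
    return [Route(ipaddress.IPv4Network(f"{dst}/{mask}"), gw, ifc, metric)
            for dst, mask, gw, ifc, metric in rows]


def lookup(table, address, allow_default=True):
    """Longest-prefix match; equal prefix lengths are decided by the lowest metric."""
    addr = ipaddress.IPv4Address(address)
    matches = [r for r in table
               if addr in r.network and (allow_default or r.network.prefixlen > 0)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def urpf_accept(table, source, arrival_interface, strict=True, allow_default=False):
    """Reverse-path check on the SOURCE address of a received packet.

    loose  (strict=False): some route back to the source must exist.
    strict (strict=True):  that route must also leave through the interface
                           on which the packet arrived.
    allow_default is this example's own switch: when False, the default
    route does not count as a route back to the source.
    """
    route = lookup(table, source, allow_default)
    if route is None:
        return False          # no route back to the source: drop
    return (not strict) or route.interface == arrival_interface


# The home-PC table from the text (interfaces are identified by their address).
HOME_TABLE = make_table([
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", "192.168.0.100", 10),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("192.168.0.0", "255.255.255.0", "192.168.0.100", "192.168.0.100", 10),
    ("192.168.0.100", "255.255.255.255", "127.0.0.1", "127.0.0.1", 10),
    ("192.168.0.1", "255.255.255.255", "192.168.0.100", "192.168.0.100", 10),
])

# Constructed two-interface router table (not from the notes):
# eth0 faces the internal LAN, eth1 faces the upstream network.
ROUTER_TABLE = make_table([
    ("10.1.0.0", "255.255.0.0", "on-link", "eth0", 1),
    ("203.0.113.0", "255.255.255.0", "on-link", "eth1", 1),
    ("0.0.0.0", "0.0.0.0", "203.0.113.1", "eth1", 10),
])


if __name__ == "__main__":
    for dst in ("192.168.0.100", "192.168.0.55", "198.51.100.7"):
        r = lookup(HOME_TABLE, dst)
        print(f"{dst:15} -> {str(r.network):18} via {r.gateway}")
    for src, ifc in (("10.1.2.3", "eth0"), ("10.1.2.3", "eth1"), ("198.51.100.7", "eth1")):
        print(f"src {src:13} on {ifc}: strict={urpf_accept(ROUTER_TABLE, src, ifc)}"
              f" loose={urpf_accept(ROUTER_TABLE, src, ifc, strict=False)}")
```

A packet that claims an internal source (10.1.2.3) but arrives on the upstream interface passes the loose check and fails the strict one, which is the case the strict variant exists to catch.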
4.5 Routing Protocols : RIP, OSPF, BGP, Unicast and Multicast routing protocols
Network address can be one of the following:
 Unicast (destined to one host)
 Multicast (destined to group)
 Broadcast (destined to all)
 Anycast (destined to nearest one)
A router never forwards broadcast traffic by default. Multicast traffic uses special treatment as it is mostly a video stream or audio with highest priority. Anycast is just similar to unicast, except that the packets are delivered to the nearest destination when multiple destinations are available.
When a device has multiple paths to reach a destination, it always selects one path by preferring it over others. This selection process is termed as Routing. Routing is done by special network devices called routers or it can be done by means of software processes. The software based routers have limited functionality and limited scope.
A router is always configured with some default route. A default route tells the router where to forward a packet if there is no route found for a specific destination. In case there are multiple paths existing to reach the same destination, the router can make a decision based on the following information:
 Hop Count
 Bandwidth
 Metric
 Prefix-length
 Delay
Routes can be statically configured or dynamically learnt. One route can be configured to be preferred over others.
Unicast routing
Most of the traffic on the internet and intranets, known as unicast data or unicast traffic, is sent with a specified destination. Routing unicast data over the internet is called unicast routing. It is the simplest form of routing because the destination is already known. Hence the router just has to look up the routing table and forward the packet to the next hop.
Broadcast routing
By default, the broadcast packets are not routed and forwarded by the routers on any network. Routers create broadcast domains.
But it can be configured to forward broadcasts in some special cases. A broadcast message is destined to all network devices.
Broadcast routing can be done in two ways (algorithm):
 A router creates a data packet and then sends it to each host one by one. In this case, the router creates multiple copies of a single data packet with different destination addresses. All packets are sent as unicast but because they are sent to all, it simulates as if the router is broadcasting. This method consumes lots of bandwidth and the router must know the destination address of each node.
 Secondly, when a router receives a packet that is to be broadcasted, it simply floods those packets out of all interfaces. All routers are configured in the same way. This method is easy on the router's CPU but may cause the problem of duplicate packets received from peer routers.
Reverse path forwarding is a technique in which the router knows in advance about its predecessor from where it should receive a broadcast. This technique is used to detect and discard duplicates.
Multicast Routing
Multicast routing is a special case of broadcast routing with significant differences and challenges. In broadcast routing, packets are sent to all nodes even if they do not want them. But in multicast routing, the data is sent only to nodes which want to receive the packets. The router must know that there are nodes which wish to receive multicast packets (or stream); only then should it forward.
Multicast routing uses spanning tree protocol to avoid looping. Multicast routing also uses the reverse path forwarding technique to detect and discard duplicates and loops.
Anycast Routing
Anycast packet forwarding is a mechanism where multiple hosts can have the same logical address. When a packet destined to this logical address is received, it is sent to the host which is nearest in the routing topology.
Anycast routing is done with the help of a DNS server. Whenever an anycast packet is received, DNS is queried about where to send it. DNS provides the IP address which is the nearest IP configured on it.
Unicast Routing Protocols
The analogy stated that distance vector routing protocols are like using road signs to guide you on your way to a destination, only giving you information about distance and direction. However, link-state routing protocols are like using a map. With a map, you can see all of the potential routes and determine your own preferred path.
There are two kinds of routing protocols available to route unicast packets:
 Distance Vector Routing Protocol
Distance Vector is a simple routing protocol which takes routing decisions based on the number of hops between source and destination. A route with a smaller number of hops is considered the best route. Every router advertises its set of best routes to other routers. Ultimately, all routers build up their network topology based on the advertisements of their peer routers, for example Routing Information Protocol (RIP).
Distance vector routing protocols are like road signs because routers must make preferred path decisions based on a distance or metric to a network. Just as travelers trust a road sign to accurately state the distance to the next town, a distance vector router trusts that another router is advertising the true distance to the destination network.
 Link State Routing Protocol
Link State protocol is a slightly more complicated protocol than Distance Vector. It takes into account the states of links of all the routers in a network. This technique helps routers build a common graph of the entire network. All routers then calculate their best path for routing purposes, for example Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (ISIS).
Link-state routing protocols take a different approach.
Link-state routing protocols are more like a road map because they create a topological map of the network and each router uses this map to determine the shortest path to each network. Just as you refer to a map to find the route to another town, link-state routers use a map to determine the preferred path to reach another destination.
Link State Routing Process :-
1. Each router learns about its own links, its own directly connected networks. This is done by detecting that an interface is in the up state.
2. Each router is responsible for meeting its neighbors on directly connected networks. Similar to EIGRP, link state routers do this by exchanging Hello packets with other link-state routers on directly connected networks.
3. Each router builds a Link-State Packet (LSP) containing the state of each directly connected link. This is done by recording all the pertinent information about each neighbor, including neighbor ID, link type, and bandwidth.
4. Each router floods the LSP to all neighbors, who then store all LSPs received in a database. Neighbors then flood the LSPs to their neighbors until all routers in the area have received the LSPs. Each router stores a copy of each LSP received from its neighbors in a local database.
5. Each router uses the database to construct a complete map of the topology and computes the best path to each destination network. Like having a road map, the router now has a complete map of all destinations in the topology and the routes to reach them. The SPF algorithm is used to construct the map of the topology and to determine the best path to each network.
There are several advantages of link-state routing protocols compared to distance vector routing protocols.
*Builds a Topological Map : Link-state routing protocols create a topological map, or SPF tree of the network topology. Distance vector routing protocols do not have a topological map of the network.
Routers implementing a distance vector routing protocol only have a list of networks, which includes the cost (distance) and next-hop routers (direction) to those networks. Because link-state routing protocols exchange link-states, the SPF algorithm can build an SPF tree of the network. Using the SPF tree, each router can independently determine the shortest path to every network.
*Fast Convergence : When receiving a Link-state Packet (LSP), link-state routing protocols immediately flood the LSP out all interfaces except for the interface from which the LSP was received. A router using a distance vector routing protocol needs to process each routing update and update its routing table before flooding them out other interfaces, even with triggered updates. Faster convergence is achieved for link-state routing protocols. A notable exception is EIGRP.
*Event-driven Updates : After the initial flooding of LSPs, link-state routing protocols only send out an LSP when there is a change in the topology. The LSP contains only the information regarding the affected link. Unlike some distance vector routing protocols, link-state routing protocols do not send periodic updates.
Note: OSPF routers do flood their own link-states every 30 minutes. This is known as a paranoid update and is discussed in the following chapter. Also, not all distance vector routing protocols send periodic updates. RIP and IGRP send periodic updates; however, EIGRP does not.
*Hierarchical Design : Link-state routing protocols such as OSPF and IS-IS use the concept of areas. Multiple areas create a hierarchical design to networks, allowing for better route aggregation (summarization) and the isolation of routing issues within an area. Multi-area OSPF and IS-IS are discussed further in CCNP.
Multicast Routing Protocols
Unicast routing protocols use graphs while Multicast routing protocols use trees, i.e. spanning tree to avoid loops. The optimal tree is called shortest path spanning tree.
 DVMRP - Distance Vector Multicast Routing Protocol
 MOSPF - Multicast Open Shortest Path First
 CBT - Core Based Tree
 PIM - Protocol independent Multicast
Protocol Independent Multicast is commonly used now. It has two flavors:
 PIM Dense Mode
This mode uses source-based trees. It is used in dense environments such as LAN.
 PIM Sparse Mode
This mode uses shared trees. It is used in sparse environments such as WAN.
4.6 Routing Algorithms : Shortest path, Flooding, Distance Vector Routing, Link State Routing, Protocols : ARP, RARP, IP, ICMP
The routing algorithms are as follows:
Flooding
Flooding is the simplest method of packet forwarding. When a packet is received, the routers send it to all the interfaces except the one on which it was received. This creates too much burden on the network and lots of duplicate packets wandering in the network.
Time to Live (TTL) can be used to avoid infinite looping of packets. There exists another approach for flooding, which is called Selective Flooding, to reduce the overhead on the network. In this method, the router does not flood out on all the interfaces, but on selective ones.
Shortest Path
Routing decisions in networks are mostly taken on the basis of cost between source and destination. Hop count plays a major role here. Shortest path is a technique which uses various algorithms to decide a path with the minimum number of hops.
Common shortest path algorithms are:
 Dijkstra's algorithm
 Bellman Ford algorithm
Distance Vector Routing
Distance Vector Routing Protocol (DVRP) is one of two major routing protocols for communications methods that use data packets sent over Internet Protocol (IP). DVRP requires routing hardware to report the distances of various nodes within a network or IP topology in order to determine the best and most efficient routes for data packets.
Distance vector routing is a simple distributed routing protocol.
Distance vector routing allows routers to automatically discover the destinations reachable inside the network as well as the shortest path to reach each of these destinations. The shortest path is computed based on metrics or costs that are associated to each link. We use l.cost to represent the metric that has been configured for link l on a router.
Each router maintains a routing table. The routing table R can be modelled as a data structure that stores, for each known destination address d, the following attributes :
 R[d].link is the outgoing link that the router uses to forward packets towards destination d
 R[d].cost is the sum of the metrics of the links that compose the shortest path to reach destination d
 R[d].time is the timestamp of the last distance vector containing destination d
A router that uses distance vector routing regularly sends its distance vector over all its interfaces. The distance vector is a summary of the router’s routing table that indicates the distance towards each known destination. This distance vector can be computed from the routing table by using the pseudo-code below.
    Every N seconds:
        v = Vector()
        for d in R[]:
            # add destination d to vector
            v.add(Pair(d, R[d].cost))
        for i in interfaces:
            # send vector v on this interface
            send(v, i)
When a router boots, it does not know any destination in the network and its routing table only contains itself. It thus sends to all its neighbours a distance vector that contains only its address at a distance of 0. When a router receives a distance vector on link l, it processes it as follows.
    # V : received Vector
    # l : link over which vector is received
    def received(V, l):
        # received vector from link l
        for d in V[]:
            if not (d in R[]):
                # new route
                R[d].cost = V[d].cost + l.cost
                R[d].link = l
                R[d].time = now
            else:
                # existing route, is the new better ?
                if ((V[d].cost + l.cost) < R[d].cost) or (R[d].link == l):
                    # Better route or change to current route
                    R[d].cost = V[d].cost + l.cost
                    R[d].link = l
                    R[d].time = now
The router iterates over all addresses included in the distance vector. If the distance vector contains an address that the router does not know, it inserts the destination inside its routing table via link l and at a distance which is the sum between the distance indicated in the distance vector and the cost associated to link l. If the destination was already known by the router, it only updates the corresponding entry in its routing table if either :
 the cost of the new route is smaller than the cost of the already known route ( (V[d].cost+l.cost) < R[d].cost)
 the new route was learned over the same link as the current best route towards this destination ( R[d].link == l)
The first condition ensures that the router discovers the shortest path towards each destination. The second condition is used to take into account the changes of routes that may occur after a link failure or a change of the metric associated to a link.
To understand the operation of a distance vector protocol, let us consider the network of five routers shown below.
Figure: Operation of distance vector routing in a simple network
Assume that A is the first to send its distance vector [A=0].
 B and D process the received distance vector and update their routing table with a route towards A.
 D sends its distance vector [D=0,A=1] to A and E. E can now reach A and D.
 C sends its distance vector [C=0] to B and E
 E sends its distance vector [E=0,D=1,A=2,C=1] to D, B and C. B can now reach A, C, D and E
 B sends its distance vector [B=0,A=1,C=1,D=2,E=1] to A, C and E. A, B, C and E can now reach all destinations.
 A sends its distance vector [A=0,B=1,C=2,D=1,E=2] to B and D.
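
The walk-through above, replayed in runnable Python as an added example (not code from the original notes). The six links and their unit costs are assumptions inferred from which neighbours receive each vector, since the figure is not reproduced here; metric_change_demo() goes beyond the walk-through to exercise the second update condition (R[d].link == l).

```python
from dataclasses import dataclass


@dataclass
class Entry:
    link: object   # R[d].link: neighbour reached over the outgoing link (None = self)
    cost: int      # R[d].cost
    time: int      # R[d].time


class Router:
    def __init__(self, name):
        self.name = name
        self.links = {}                     # neighbour -> l.cost
        self.R = {name: Entry(None, 0, 0)}  # at boot the table only contains itself

    def vector(self):
        """Summary of the routing table: {destination: cost}."""
        return {d: e.cost for d, e in self.R.items()}

    def received(self, V, l, now):
        """Process vector V received over link l (links are named after the neighbour)."""
        for d, cost in V.items():
            candidate = cost + self.links[l]
            if d not in self.R:
                self.R[d] = Entry(l, candidate, now)   # new route
            elif candidate < self.R[d].cost or self.R[d].link == l:
                self.R[d] = Entry(l, candidate, now)   # better route, or current route changed


class Network:
    def __init__(self, edges):
        self.routers, self.clock = {}, 0
        for a, b, cost in edges:
            for x, y in ((a, b), (b, a)):
                self.routers.setdefault(x, Router(x)).links[y] = cost

    def send(self, name):
        """Router `name` sends its vector on all of its links; the vector is returned."""
        self.clock += 1
        v = self.routers[name].vector()
        for neighbour in self.routers[name].links:
            self.routers[neighbour].received(v, name, self.clock)
        return v


# Assumed topology (inferred from the walk-through), every link with cost 1.
EDGES = [("A", "B", 1), ("A", "D", 1), ("B", "C", 1),
         ("B", "E", 1), ("C", "E", 1), ("D", "E", 1)]
ORDER = ["A", "D", "C", "E", "B", "A"]   # sending order used in the text


def run_walkthrough(net):
    """Replay the six transmissions and return the vectors that were sent."""
    return [net.send(name) for name in ORDER]


def metric_change_demo():
    """Raise the B-C metric to 4 after convergence and watch C's route to B."""
    net = Network(EDGES)
    run_walkthrough(net)
    c = net.routers["C"]
    net.routers["B"].links["C"] = net.routers["C"].links["B"] = 4
    net.send("B")   # same link as the current route: the worse cost is accepted
    after_b = (c.R["B"].cost, c.R["B"].link)
    net.send("E")   # E offers B at 1 + 1 = 2, which is now the better route
    after_e = (c.R["B"].cost, c.R["B"].link)
    return after_b, after_e


if __name__ == "__main__":
    net = Network(EDGES)
    for name, v in zip(ORDER, run_walkthrough(net)):
        print(name, "sends", v)
    for r in net.routers.values():
        print(r.name, {d: (e.link, e.cost) for d, e in r.R.items()})
    print("C's route to B after the metric change:", metric_change_demo())
```
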
At this point, all routers can reach all other routers in the network thanks to the routing tables shown in the figure below.
Figure: Routing tables computed by distance vector in a simple network
Link State Routing, Protocols:
Link state routing is the second family of routing protocols. While distance vector routers use a distributed algorithm to compute their routing tables, link-state routers exchange messages to allow each router to learn the entire network topology. Based on this learned topology, each router is then able to compute its routing table by using a shortest path computation [Dijkstra1959].
For link-state routing, a network is modelled as a directed weighted graph. Each router is a node, and the links between routers are the edges in the graph. A positive weight is associated to each directed edge and routers use the shortest path to reach each destination. In practice, different types of weight can be associated to each directed edge :
 unit weight. If all links have a unit weight, shortest path routing prefers the paths with the least number of intermediate routers.
 weight proportional to the propagation delay on the link. If all link weights are configured this way, shortest path routing uses the paths with the smallest propagation delay.
 where C is a constant larger than the highest link bandwidth in the network. If all link weights are configured this way, shortest path routing prefers higher bandwidth paths over lower bandwidth paths
Usually, the same weight is associated to the two directed edges that correspond to a physical link (i.e. and ). However, nothing in the link state protocols requires this. For example, if the weight is set in function of the link bandwidth, then an asymmetric ADSL link could have a different weight for the upstream and downstream directions. Other variants are possible. Some networks use optimisation algorithms to find the best set of weights to minimize congestion inside the network for a given traffic demand [FRT2002].
When a link-state router boots, it first needs to discover to which routers it is directly connected.
For this, each router sends a HELLO message every N seconds on all of its interfaces. This message contains the router’s address. Each router has a unique address. As its neighbouring routers also send HELLO messages, the router automatically discovers to which neighbours it is connected. These HELLO messages are only sent to neighbours who are directly connected to a router, and a router never forwards the HELLO messages that they receive. HELLO messages are also used to detect link and router failures. A link is considered to have failed if no HELLO message has been received from the neighbouring router for a period of seconds.
Figure: The exchange of HELLO messages
Once a router has discovered its neighbours, it must reliably distribute its local links to all routers in the network to allow them to compute their local view of the network topology. For this, each router builds a link-state packet (LSP) containing the following information :
 LSP.Router : identification (address) of the sender of the LSP
 LSP.age : age or remaining lifetime of the LSP
 LSP.seq : sequence number of the LSP
 LSP.Links[] : links advertised in the LSP. Each directed link is represented with the following information :
- LSP.Links[i].Id : identification of the neighbour
- LSP.Links[i].cost : cost of the link
These LSPs must be reliably distributed inside the network without using the router’s routing table since these tables can only be computed once the LSPs have been received. The Flooding algorithm is used to efficiently distribute the LSPs of all routers. Each router that implements flooding maintains a link state database (LSDB) containing the most recent LSP sent by each router. When a router receives an LSP, it first verifies whether this LSP is already stored inside its LSDB. If so, the router has already distributed the LSP earlier and it does not need to forward it. Otherwise, the router forwards the LSP on all links except the link over which the LSP was received.
Flooding can be implemented by using the following pseudo-code.
    # links is the set of all links on the router
    # Router R's LSP arrival on link l
    if newer(LSP, LSDB(LSP.Router)):
        LSDB.add(LSP)
        for i in links:
            if i != l:
                send(LSP, i)
    else:
        # LSP has already been flooded
        pass
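
A runnable Python rendering of the flooding rule, followed by the shortest path computation each router runs on its LSDB, as an added example that is not part of the original notes. It assumes that newer() compares plain integer sequence numbers, leaves LSP.age out, and reuses an assumed five-router topology with unit link costs.

```python
import heapq
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LSP:
    router: str    # LSP.Router: sender of the LSP
    seq: int       # LSP.seq: sequence number
    links: tuple   # LSP.Links[]: ((neighbour id, cost), ...)


def newer(lsp, stored):
    """Assumed rule: nothing stored yet, or a strictly higher sequence number."""
    return stored is None or lsp.seq > stored.seq


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbours = {}   # neighbour -> cost, as discovered with HELLO messages
        self.lsdb = {}         # originating router -> most recent LSP
        self.seq = 0

    def originate(self):
        """Build a fresh LSP describing this router's current links."""
        self.seq += 1
        return LSP(self.name, self.seq, tuple(sorted(self.neighbours.items())))

    def receive(self, lsp, arrival_link):
        """Flooding rule: returns the links on which the LSP must be forwarded."""
        if not newer(lsp, self.lsdb.get(lsp.router)):
            return []          # already flooded (or stale): store nothing, forward nothing
        self.lsdb[lsp.router] = lsp
        return [n for n in self.neighbours if n != arrival_link]

    def spf(self):
        """Dijkstra over the LSDB: {destination: (cost, first hop)}."""
        dist = {self.name: (0, None)}
        heap = [(0, self.name, None)]
        while heap:
            cost, node, first = heapq.heappop(heap)
            if cost > dist[node][0]:
                continue       # outdated heap entry
            lsp = self.lsdb.get(node)
            for nbr, weight in (lsp.links if lsp else ()):
                hop = nbr if node == self.name else first
                if nbr not in dist or cost + weight < dist[nbr][0]:
                    dist[nbr] = (cost + weight, hop)
                    heapq.heappush(heap, (cost + weight, nbr, hop))
        return dist


def build(edges):
    routers = {}
    for a, b, cost in edges:
        for x, y in ((a, b), (b, a)):
            routers.setdefault(x, Router(x)).neighbours[y] = cost
    return routers


def flood(routers, lsp):
    """Deliver an LSP hop by hop; returns the number of link transmissions."""
    origin = routers[lsp.router]
    queue = deque((origin.name, n) for n in origin.receive(lsp, None))
    sent = 0
    while queue:
        sender, receiver = queue.popleft()
        sent += 1
        queue.extend((receiver, n) for n in routers[receiver].receive(lsp, sender))
    return sent


# Assumed topology (constructed for this example), every link with cost 1.
EDGES = [("A", "B", 1), ("A", "D", 1), ("B", "C", 1),
         ("B", "E", 1), ("C", "E", 1), ("D", "E", 1)]

if __name__ == "__main__":
    routers = build(EDGES)
    for r in list(routers.values()):
        print(r.name, "LSP flooded with", flood(routers, r.originate()), "transmissions")
    print("A's routes:", routers["A"].spf())
    print("replayed old LSP:", flood(routers, routers["A"].lsdb["B"]), "transmissions")
```

Each LSP crosses eight links in this topology because every router forwards it exactly once, and an LSP whose sequence number is not higher than the stored copy is discarded at the first router that sees it.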
In this pseudo-code, LSDB(r) returns the most recent LSP originating from router r that is stored in the LSDB. newer(lsp1,lsp2) returns true if lsp1 is more recent than lsp2. See the note below for a discussion on how newer can be implemented.
ARP
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. For example, in IP Version 4, the most common level of IP in use today, an address is 32 bits long. In an Ethernet local area network, however, addresses for attached devices are 48 bits long. (The physical machine address is also known as a Media Access Control or MAC address.) A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.
How ARP Works
ARP operates at Layer 2 in the OSI model. Protocol support is implemented in the device drivers of network operating systems. Internet RFC 826 documents technical details of the protocol including its packet format and the workings of request and response messages.
ARP works on modern Ethernet and Wi-Fi networks as follows:
 Network adapters are produced with a physical address embedded in the hardware called the Media Access Control (MAC) address. Manufacturers take care to ensure these 6-byte (48-bit) addresses are unique, as IP relies on these unique identifiers for message delivery.
 When any device wishes to send data to another target device, it must first determine the MAC address of that target given its IP address. These IP-to-MAC address mappings are derived from an ARP cache maintained on each device.
 If the given IP address does not appear in a device's cache, that device cannot direct messages to that target until it obtains a new mapping.
To do this, the initiating device first sends an ARP request broadcast message on the local subnet. The host with the given IP address sends an ARP reply in response to the broadcast, allowing the initiating device to update its cache and proceed to deliver messages directly to the target.
Inverse ARP and Reverse ARP
A network protocol called RARP (Reverse ARP) was also developed in the 1980s to complement ARP. As its name implies, RARP performed the opposite function of ARP, converting from physical network addresses to the IP addresses assigned to those devices. RARP was made obsolete by DHCP and is no longer used.
A separate protocol called Inverse ARP also supports the reverse address mapping function. Inverse ARP is not used on Ethernet or Wi-Fi networks either, although it can sometimes be found on other types.
RARP
RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.
IP
The Internet Protocol (IP) is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet.
When you send or receive data (for example, an e-mail note or a Web page), the message gets divided into little chunks called packets. Each of these packets contains both the sender's Internet address and the receiver's address. Any packet is sent first to a gateway computer that understands a small part of the Internet.
The gateway computer reads the destination address and forwards the packet to an adjacent gateway that in turn reads the destination address and so forth across the Internet until one gateway recognizes the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to the computer whose address is specified.
Because a message is divided into a number of packets, each packet can, if necessary, be sent by a different route across the Internet. Packets can arrive in a different order than the order they were sent in. The Internet Protocol just delivers them. It's up to another protocol, the Transmission Control Protocol (TCP) to put them back in the right order.
IP is a connectionless protocol, which means that there is no continuing connection between the end points that are communicating. Each packet that travels through the Internet is treated as an independent unit of data without any relation to any other unit of data. (The reason the packets do get put in the right order is because of TCP, the connection-oriented protocol that keeps track of the packet sequence in a message.) In the Open Systems Interconnection (OSI) communication model, IP is in layer 3, the Networking Layer.
The most widely used version of IP today is Internet Protocol Version 4 (IPv4). However, IP Version 6 (IPv6) is also beginning to be supported. IPv6 provides for much longer addresses and therefore for the possibility of many more Internet users. IPv6 includes the capabilities of IPv4 and any server that can support IPv6 packets can also support IPv4 packets.
ICMP
ICMP (Internet Control Message Protocol) is an error-reporting protocol network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets.
ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet, a router, service or host cannot be reached for packet delivery. Any IP network device has the capability to send, receive or process ICMP messages.
ICMP is not a transport protocol that sends data between systems. While ICMP is not used regularly in end-user applications, it is used by network administrators to troubleshoot Internet connections in diagnostic utilities including ping and traceroute.
One of the main protocols of the Internet Protocol suite, ICMP is used by routers, intermediary devices or hosts to communicate error information or updates to other routers, intermediary devices or hosts. The widely used IPv4 (Internet Protocol version 4) and the newer IPv6 use similar versions of the ICMP protocol (ICMPv4 and ICMPv6, respectively).
ICMP messages are transmitted as datagrams and consist of an IP header that encapsulates the ICMP data. ICMP packets are IP packets with ICMP in the IP data portion. ICMP messages also contain the entire IP header from the original message, so the end system knows which packet failed. The ICMP header appears after the IPv4 or IPv6 packet header and is identified as IP protocol number 1. The complex protocol contains three fields:
The Internet Control Message Protocol (ICMP) [RFC792] protocol is a classic example of a client server application. The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e. routers). The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be used to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The protocol is also frequently used by Internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.
ICMP messages generated by router R1, in response to a message sent by H0 to H1 and forwarded by R0.
This message could, for instance, be generated if the MTU of the link between R0 and R1 was smaller than the size of the IP packet, and the packet had the Don't Fragment (DF) bit set in the IP packet header. The ICMP message is returned to H0, since this is the source address specified in the IP packet that suffered the problem. A modern version of Path MTU Discovery provides a mechanism to verify the Path MTU [RFC4821].
An ICMP message consisting of 4 bytes of PCI and an optional message payload.
The format of an ICMP message is shown above. The 8-bit type code identifies the type of message. This is followed by at least the first 28 bytes of the packet that resulted in generation of the error message (i.e. the network-layer header and first 8 bytes of the transport header). This payload is, for instance, used by a sender that receives the ICMP message to perform Path MTU Discovery so that it may determine the IP destination address of the packet that resulted in the error. Longer payloads are also encouraged (which can help better identify the reason why the ICMP message was generated and which program generated the original packet).
The figure below shows the encapsulation of ICMP over an Ethernet LAN using an IP network layer header, and a MAC link layer header and trailer containing the 32-bit checksum:
Encapsulation for a complete ICMP packet (not showing the Ethernet preamble)
It is the responsibility of the network layer (IP) protocol to ensure that the ICMP message is sent to the correct destination. This is achieved by setting the destination address of the IP packet carrying the ICMP message.
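The error-message layout described above, worked through as an added Python example (not part of the original slides): a router builds the "fragmentation needed" error for the H0-to-H1 case, and the receiving host checks the checksum, decodes the quoted 28 bytes, and confirms the quoted packet is one it actually sent before acting on it. The addresses, ports and function names are constructed for illustration; the 8-byte ICMP header with the next-hop MTU in its last two bytes follows RFC 792 and RFC 1191.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(orig_packet: bytes, next_hop_mtu: int) -> bytes:
    """Router side: type 3 / code 4 error quoting the IP header + 8 bytes."""
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + orig_packet[:28]
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def parse_icmp_error(icmp: bytes) -> dict:
    """Host side: validate the message, then decode the quoted packet."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("ICMP error shorter than header + quoted 28 bytes")
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4          # quoted IPv4 header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("malformed quoted IPv4 header")
    flags, proto = struct.unpack("!H", quoted[6:8])[0], quoted[9]
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "next_hop_mtu": mtu,
            "df": bool(flags & 0x4000), "proto": proto, "sport": sport,
            "dport": dport, "src": socket.inet_ntoa(quoted[12:16]),
            "dst": socket.inet_ntoa(quoted[16:20])}

def is_for_known_flow(info: dict, flows: set) -> bool:
    """Act on the error only if the quoted packet is one this host sent."""
    return (info["src"], info["sport"], info["dst"], info["dport"]) in flows

def sample_message() -> bytes:
    """Constructed sample: H0 (192.0.2.10) -> H1 (198.51.100.20), DF set."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    tcp8 = struct.pack("!HHI", 49152, 443, 1000)   # ports + sequence number
    return build_frag_needed(ip + tcp8, 1400)

if __name__ == "__main__":
    print(parse_icmp_error(sample_message()))
```

The quoted IPv4 header checksum is left at zero in the sample because the parser does not validate it; only the ICMP checksum is checked.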
The source address is set to the address of the computer that generated the IP packet (carried in the IP source address field) and the IP protocol type is set to "ICMP" to indicate that the packet is to be handled by the remote end system's ICMP client interface.
 Floyd Warshall algorithm
Address Resolution Protocol (ARP)
While communicating, a host needs the Layer-2 (MAC) address of the destination machine, which belongs to the same broadcast domain or network. A MAC address is physically burnt into the Network Interface Card (NIC) of a machine and it never changes. On the other hand, the IP address on the public domain is rarely changed. If the NIC is changed in case of some fault, the MAC address also changes. This way, for Layer-2 communication to take place, a mapping between the two is required.
Unicast routing Broadcast routing Multicast Routing Anycast Routing
To learn the MAC address of a remote host on a broadcast domain, a computer wishing to initiate communication sends out an ARP broadcast message asking, “Who has this IP address?” Because it is a broadcast, all hosts on the network segment (broadcast domain) receive this packet and process it. The ARP packet contains the IP address of the destination host that the sending host wishes to talk to. When a host receives an ARP packet destined to it, it replies with its own MAC address.
Once the host gets the destination MAC address, it can communicate with the remote host using the Layer-2 link protocol. This MAC to IP mapping is saved into the ARP cache of both sending and receiving hosts. Next time, if they need to communicate, they can directly refer to their respective ARP cache.
Reverse ARP is a mechanism where a host knows the MAC address of a remote host but needs to know its IP address to communicate.
Internet Control Message Protocol (ICMP)
ICMP is a network diagnostic and error reporting protocol. ICMP belongs to the IP protocol suite and uses IP as its carrier protocol. After an ICMP packet is constructed, it is encapsulated in an IP packet. Because IP itself is a best-effort non-reliable protocol, so is ICMP.
Any feedback about the network is sent back to the originating host. If some error in the network occurs, it is reported by means of ICMP. ICMP contains dozens of diagnostic and error reporting messages.
ICMP-echo and ICMP-echo-reply are the most commonly used ICMP messages to check the reachability of end-to-end hosts. When a host receives an ICMP-echo request, it is bound to send back an ICMP-echo-reply. If there is any problem in the transit network, ICMP will report that problem.
Internet Protocol Version 4 (IPv4)
IPv4 is a 32-bit addressing scheme used as the TCP/IP host addressing mechanism. IP addressing enables every host on the TCP/IP network to be uniquely identifiable.
IPv4 provides a hierarchical addressing scheme which enables it to divide the network into sub-networks, each with a well-defined number of hosts. IP addresses are divided into many categories:
 Class A - it uses the first octet for network addresses and the last three octets for host addressing
 Class B - it uses the first two octets for network addresses and the last two for host addressing
 Class C - it uses the first three octets for network addresses and the last one for host addressing
 Class D - it provides a flat IP addressing scheme in contrast to the hierarchical structure of the above three.
 Class E - it is used for experimental purposes.
IPv4 also has well-defined address spaces to be used as private addresses (not routable on the Internet), and public addresses (provided by ISPs and routable on the Internet).
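The ARP request/reply exchange and cache update described in the Address Resolution Protocol section above, as an added Python example that is not part of the original slides. It packs real 28-byte Ethernet/IPv4 ARP packets, lets only the targeted host answer the broadcast, and has both sides cache the mapping; the cache also records when an IP address moves to a different MAC (as happens after the NIC replacement the text mentions), which is worth logging because ARP replies carry no authentication. The `Host` class, its method names and all addresses are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype ptype hlen plen oper sha spa tha tpa (28 bytes)
REQUEST, REPLY = 1, 2

class Host:
    def __init__(self, ip: str, mac: str):
        self.ip = socket.inet_aton(ip)
        self.mac = bytes.fromhex(mac.replace(":", ""))
        self.cache = {}      # IP (4 bytes) -> MAC (6 bytes)
        self.rebinds = []    # (ip, old_mac, new_mac) whenever a mapping changes

    def _packet(self, oper, target_mac, target_ip):
        return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                           self.mac, self.ip, target_mac, target_ip)

    def who_has(self, target_ip: str) -> bytes:
        """Request sent to the broadcast address; target MAC is still unknown."""
        return self._packet(REQUEST, bytes(6), socket.inet_aton(target_ip))

    def receive(self, packet: bytes):
        """Handle one ARP packet; return a reply when the request targets us."""
        if len(packet) != struct.calcsize(ARP_FMT):
            raise ValueError("not a 28-byte Ethernet/IPv4 ARP packet")
        htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
            ARP_FMT, packet)
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
            raise ValueError("unsupported ARP packet")
        if tpa != self.ip:
            return None                   # broadcast seen by all, answered by one
        old = self.cache.get(spa)
        if old is not None and old != sha:
            self.rebinds.append((spa, old, sha))
        self.cache[spa] = sha             # both sides learn the sender's mapping
        return self._packet(REPLY, sha, spa) if oper == REQUEST else None

def exchange():
    """Constructed segment: A resolves B while C only overhears the broadcast."""
    a = Host("192.0.2.1", "02:00:00:00:00:0a")
    b = Host("192.0.2.2", "02:00:00:00:00:0b")
    c = Host("192.0.2.3", "02:00:00:00:00:0c")
    request = a.who_has("192.0.2.2")
    replies = [r for r in (h.receive(request) for h in (b, c)) if r]
    a.receive(replies[0])                 # unicast reply back to A
    return a, b, c, replies

if __name__ == "__main__":
    a, b, c, _ = exchange()
    print(a.cache, b.cache, c.cache)
```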