Lesson 7 - Internetwork Layer
Buckle up, this is going to be a long lesson. We're going to learn about the Internetwork layer of the TCP/IP model. We'll see how IP addresses are formatted, then we will see how they're used to route data across the Internet. After that we will look at how you can take a large network and split it into multiple smaller networks. We'll look at the next version of IP then we'll examine some of the tools you can use to troubleshoot IP connectivity issues.
In Lesson 4 we learned about the data link layer. We learned how the frame header information is used to deliver the frame to the correct device. The data link layer is responsible for device to device transmissions. The internetwork layer is responsible for end to end routing. So far we've focused on devices on the same network communicating. The internetwork layer is used to leave the local network and move through other networks to get to the destination. This process of moving data from network to network is called routing.
The address type used at the internetwork layer is IP (Internet Protocol). There are two versions of IP used on today's networks. IPv4 and IPv6. We're going to start off learning about IPv4. Each NIC (Network Interface Card) in your device can have an IP address. If your device has an IP address it's called a host. An IP address is a 32 bit value expressed in dotted decimal notation. Dotted decimal notation separates each byte with a period with each byte written in decimal format. Each byte is referred to as an octet. Below you'll find an example of an IP address in both binary and dotted decimal notation.
Dotted decimal notation: 192.168.10.1
Since each octet is made up of 8 bits you can only have 256 different values per octet. 28 = 256. That means each octet can range from 0-255, so the IP 192.168.10.464 is not valid.
When the segment from the the transport layer arrives at the internetwork layer an IP header is added. The IP header contains source and destination IP addresses. When the header is added the chunk of data becomes a packet. With the addition of the IP header we now have a complete picture of what happens when a network request is made. Let's look at the entire encapsulation process.
The diagram above shows the data starting at the application and traveling down to the medium. On the receiving device this process is completed in reverse. The data comes off the medium and works its way up the stack discarding the header information until the data is delivered to the application.
The IP header has lot of information in it. The first 4 bits are used to identify if the packet is IPv4 or IPv6. If it's an IPv4 packet then the header is in the following format.
The fields we care about are the TTL (Time To Live) and the source and destination addresses. We'll learn more about the TTL later. The source address is the address where the packet came from, and the destination is to where it's sent. This might appear redundant with the source and destination MAC addresses in the frame header. But it's not since the MAC address is used to get the data to the next device, and the IP address is used to get the data to its ultimate destination. This is the difference between device to device transmissions at the data link layer, and end to end routing found at the internetwork layer.
An IP address is broken down into two different parts. The part that represents the network, and the part that represents the individual device. All devices on the same network have the same network portion. In the example IP addresses below the first three octets represent the network, and the last octet uniquely identifies the device on the network.
As you can see the network portion is the same on all devices. This means all the devices are on the same network. In the example 24 bits are network bits and the remaining 8 are host bits. We can see this when we view one of the IP's in binary format.
If you count the bits above you'll see there are 24 red bits, and 8 blue bits. We can tell what bits are network bits when an IP address is written in CIDR (Classless Inter-Domain Routing) notation. CIDR notation is where the number of network bits is added to the end of an IP address with a slash separating the two. The number of network bits is a variable number, not always 24.
When working with IP addresses there are two addresses you can't use on a network. You can't use the lowest and highest addresses. If all the host bits equal 0 then that's the network ID. If all host bits equal 1 then that's the network's broadcast address.
192.168.10.0/24 - Network ID
192.168.10.255/24 - Broadcast Address.
Network devices use a subnet mask to determine what bits are network bits and what bits are host bits. A subnet mask is a dotted decimal representation of a 32 bit number where each bit that corresponds to a network bit is set to one. In a network where there are 24 network bits the subnet mask would be 11111111111111111111111100000000 or 255.255.255.0. The subnet mask is not an IP address, its purpose is to identify which bits are network bits in an IP address. It is always a stream of ones, followed by zeroes. When writing addresses in CIDR notation there is still a subnet mask.
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
There are default values for the subnet mask depending on the class of the IP address used. We'll be looking at class A, B and C address types. Each of the class types defines how many bits are network bits by default.
It's easy to identify the class of an IP address, if you're looking at the IP address in binary format then you can tell by looking at the first bits starting on the left. Class A always starts with a 0, class B starts with 10, and class C starts with 110.
Class A - 0nnnnnnnhhhhhhhhhhhhhhhhhhhhhhhh
Class B - 10nnnnnnnnnnnnnnhhhhhhhhhhhhhhhh
Class C - 110nnnnnnnnnnnnnnnnnnnnnhhhhhhhh
You can also tell the class by looking at the 1st octet on the left. The table below outlines the ranges and their classes.
Note the absence of a network starting with 127. The 127 network is reserved for the loopback address. If an application layer protocol sends data to an address in the loopback range the data loops back to the host. Typically the address 127.0.0.1 is uses as the loopback address. It's also common practice that that name localhost resolves or represents the loopback address.
There are some addresses set aside for private use inside internal networks. Below is a list of the private addresses in each class.
There is another range set aside used for APIPA (Automatic Private IP Addressing). This is where computers will generate their own IP address if they don't already have one. This is handy when you're hooking two computers together directly, they automatically set themselves up so they can communicate. That APIPA range is 169.254.0.0 - 169.254.255.255. If you see an address in this range on a network connected device it typically means there's a problem. A device with an APIPA address won't be able to access the Internet.
Besides APIPA there are two ways you can give your devices IP addresses. You can manually enter the IP address on devices so they have static addresses. When you configure a device this way it has the same IP addresses every time it connects to the network. Static addresses are good on devices that provide a service to clients. Servers, network equipment, and printers are all examples of devices that should have static addresses. Alternatively you can hand out IP addresses to your clients. DHCP (Dynamic Host Configuration Protocol) is a protocol that will hand out IP addresses to your clients. DHCP is typically used to assign addresses and other configuration information to your client devices.
Now that we know everything there is to know about IP addresses we will learn how they help us do end to end routing. It was mentioned earlier that the process of moving data from network to network is called routing. In order to route data from one network to another we use a device called a router.
When a computer on the 192.168.10.0/24 network needs to talk to a computer on the 192.168.20.0/24 network a couple things happen. At the internetwork layer the IP address of the computer in the destination network is place in the IP header. At the data link layer the MAC address of the router is placed in the frame header. The router above has two network ports on it and it's connected to both networks. The data link layer is there to make sure the data is sent to the next device, in this case it's the router. The IP header is used by the router to send the data to the correct network.
Let's follow the flow of data as it goes from a computer on one network to another. When the computer with an IP address of 192.168.10.50 sends data to a computer with an IP of 192.168.20.72 the first thing it will do is detect that the destination is not on the same network. It will do this by comparing the network bits together and see a difference. It knows it needs to send the data outside the network.
192.168.10.50/24 - 11000000101010000000101000110010
192.168.20.72/24 - 11000000101010000001010001001000
The computer is configured with a default gateway address, which is the address it uses to leave the network. The gateway address is the address of the router on the network. The computer knows it needs to send the data to the router so it can route the data to the correct network. It will build a packet that has the IP address of the final destination, or the computer on the other network. That packet will be sent to the data link layer where the MAC address for the router will be added as the destination. Then it will be encoded and sent on the medium.
After the bits leave the computer's NIC they will arrive at the switch. The switch will look at the frame header and compare the destination MAC address to its MAC address table. It will use that information to send the frame out the port to which the router is connected. This process is not new to us. The switch doesn't use any information from the IP header to decide where to send data. It only uses layer 2 addresses making a switch a layer 2 device. The packet and frame are left unchanged when moving through the switch.
When the bits arrive at the router the frame information is discarded leaving the packet. The router has a routing table that contains a list of all the networks it knows about and how to get to them. The router looks for the destination network in the routing table and decides where to send the packet.
Before the router can send the packet, it has to send it to the data link layer where it will be encapsulated in a frame. The new frame will contain the MAC address of the next device. In this case the next device is the destination computer. Notice the source MAC address is the router, not the sending computer.
When the frame arrives at the switch it will look at the destination MAC address and decide where to forward it. The switch will not modify the frame and won't even look at the packet.
After the bits leave the switch they'll arrive at the computer. There the data will travel up the TCP stack to the correct application. If we look at the flow of data through multiple networks it would look like the image below. At each router the framing information is discarded so the packet can be examined. Then a new frame is created and the bits are sent on their way. The new frame contains the information needed to transfer information to the next device. The packet contains information to get the information to its final destination.
As the packet flows from router to router the only thing that's changed in the IP header is the TTL (Time To Live). The TTL is a number starting at 128 in Windows. As the packet hops from router to router the TTL is decreased by 1 at each router. Once the TTL reaches 0 the packet is discarded. If the data can't make it to the destination in less than 128 hops then it won't make it. Typically this happens if a router loop is mistakenly created. Instead of sending the data back and forth forever it drops it.
The routers have a routing table they use to make sure data is routed to the correct network. There are multiple ways the routing tables can be built. We learned how a switch's MAC address table is populated automatically through either learning or flooding. A router does require a human get involved.
If we look at a simple network with three routers we can see each router has an IP address and the addresses are on different works. In the image below we see a central office at the bottom with two satellite offices connected.
In reality there's a lot more going on. Each router has at least two IP addresses. One IP address for each network it's connected to. In the image above there are actually 6 networks counting the Internet. Configuring a router is more than telling the packets where to go, you're actually creating the networks. Each network has to be defined properly and all the IP addresses on the same network have to be members of that network. Configuring your networks routers takes a lot of planning prior to configuring the devices.
In the image below we can see the three networks representing each site. They are the boxes starting with 192.168. These are the networks that will contain your client devices. Between each of the satellite sites and the central office we see networks. Those networks contain two devices, the two routers. Those networks exist to facilitate the connection between routers. The sixth network is the Internet.
When the routers are first configured with IP addresses the routing tables created on each router only know about the connected networks. Without any other configuration, or addition of routes, the devices in the 192.168.10.0/24 network won't be able to talk to devices on either the 192.168.20.0/24 or 192.168.30.0/24 networks. The default routing tables for each of the routers can be seen below. You'll see in router 1's routing table there's no entry for the 192.168.20.0/24 or 192.168.30.0/24 networks.
You can enable routing protocols on each of the routers and they'll discover each other. The routing protocols will advertise the known networks to other routers so they can add them to their routing tables. Once the routing protocols complete, devices on other networks will be able to talk. Below you'll see the updated routing tables. Alternatively you could add the routes manually and create static routes.
With the new routing tables above there is still one thing missing. The devices don't know how to get to the internet. There are a lot of networks on the internet, and we don't want to create a route for each potential network that could exist so we create a default route. The default route is where packets go if the destination network isn't found in the routing table. The default route is represented by the 0.0.0.0 address. In order to have a connection to the Internet we need to setup the default route on our routers.
As your network becomes more complex there may be more than one way to get from one network to another. The metric is used to set the priority of the route. The lower the number the higher the priority.
Routing protocols are broken down into two categories, interior routing protocols, and exterior routing protocols. Interior routing protocols are used inside a network. Exterior routing protocols are used for communication between different companies. Below are the routing protocols used.
If you have a large, multisite network then you'll probably need to use an IP scheme that supports a lot of devices. We will look at using the internal class A network starting with 10. We learned earlier in this lesson that a class A network will support 16,777,214 devices. The problem is the internal class A network is only one network and you'll need at least one network per site. In order to accommodate multiple networks you'll need to split the large network into multiple sub networks, or subnets. The process of creating a subnet from a larger network is called subnetting.
The way subnetting works is we borrow host bits and change them to network bits. On the network 10.0.0.0/8 we have 8 network bits and 24 host bits. If we borrow 8 bits we change the network to 10.0.0.0/16. Now we have 16 network bits and 16 host bits. We can modify the values of the borrowed bits to create multiple networks. This changes our subnet mask from 255.0.0.0 to 255.255.0.0.
10.0.0.0/8 - 00001010000000000000000000000000
10.0.0.0/16 - 00001010000000000000000000000000
When we borrow bits it gives us the ability to create multiple networks. The borrowed bits can be changed, creating different networks. Below we see how changing some of the borrowed bits creates new networks.
10.10.0.0/16 - 00001010000010100000000000000000
10.20.0.0/16 - 00001010000101000000000000000000
10.30.0.0/16 - 00001010000111100000000000000000
The addresses above are the new network's network IDs. A network ID is an IP address where all the host bits equal zero. It's used to define the network and can't be used as an IP address. If all host bits equal one then we have the network's broadcast IP address. The broadcast address is used to send a message to all devices on the network. The broadcast address cannot be used as a device's IP address. Below are the broadcast addresses for our newly created subnets.
10.10.255.255/16 - 00001010000010101111111111111111
10.20.255.255/16 - 00001010000101001111111111111111
10.30.255.255/16 - 00001010000111101111111111111111
This means the valid address for our networks are the entire range minus the network ID and the broadcast address.
10.10.0.1 - 10.10.255.254
10.20.0.1 - 10.20.255.254
10.30.0.1 - 10.30.255.254
We can calculate the number of IP addresses, or devices we can support on each network. The number of devices supported per network is calculated using the following formula.
2 Number of host bits - 2
In our networks we have 16 host bits so our formula would be 216-2 or 65,534 unique devices per network. We subtract 2 because we can't use the network ID or the broadcast address. We can also calculate how many networks we can create based on the number of bits borrowed. The formula for determining how many subnets we can create is below.
2 Number of borrowed bits - 2
Using the 8 bits we borrowed our formula would be 28-2 or 254 networks. In the past there was a requirement that the subnets containing all 0's and 1's in the borrowed bits be reserved, that's why we subtract 2 in the formula. This requirement is no longer required, but is still considered best practice. So when we calculate the number of subnets we still subtract out the high and low values.
When the split between network bits and host bits occurs in the middle of an octet it becomes more difficult to calculate the subnets. Let's look at how we would find the network ID, broadcast, and range of the first network where we borrow 5 bits.
Starting Network ID: 10.0.0.0/8
Borrow 5 bits
10.XXXXX000.00000000.00000000 - Network ID
10.XXXXX111.11111111.11111111 - Broadcast Address
10.XXXXX000.00000000.00000001 - First IP
10.XXXXX111.11111111.11111110 - Last IP
255.11111000.00000000.00000000 - Subnet mask
We write out the part we can't change in decimal in this case the 10. The first octet is assigned to us so we don't need to look at it in binary. The next three octets need to be converted to binary. The 5 bits we borrowed are unset at this point so we put in placeholders. We're able to fill out the host portions using the following rules.
Network ID: Host bits equal zero.
Broadcast: Host bits equal one.
First IP: All zeros with a 1 in the right most bit.
Last IP: All ones with a 0 in the right most bit.
Now that we have it setup we can solve the problem. We need to come up with the addresses of the first network, the first network is the lowest value we can come up with. So what we do is find the smallest bit pattern that can fit in the space where we borrowed bits. In this case we borrowed 5 bits.
The smallest bit pattern that can fit is 00001. We take the lowest bit pattern and plug it into the spaces above.
10.00001000.00000000.00000000 - Network ID (Host bits equal zero)
10.00001111.11111111.11111111 - Broadcast Address (Host bits equal one)
10.00001000.00000000.00000001 - First IP (All zeros with a 1 in the right most bit)
10.00001111.11111111.11111110 - Last IP (All ones with a 0 in the right most bit)
255.11111000.00000000.00000000 - Subnet mask (All ones followed by all zeros, Not an IP address)
Once you have that set you convert each octet into decimal and you'll have the answer.
10.8.0.0 - Network ID
10.15.255.255 - Broadcast Address
10.8.0.1 - First IP
10.15.255.254 - Last IP
255.248.0.0 - Subnet mask
The subnet mask is not an IP address, it's there to tell the device what bits are network bits and what bits are host bits. The subnet mask changed from 255.0.0.0 to 255.248.0.0 to show we borrowed 5 bits. When calculating the mask don't forget it's always a stream of ones from the left followed by a stream of zeros. It never changes that pattern. The ones tell the computer the corresponding bits are network bits in the IP address.
If we want to find the next subnet we can do it by increasing our borrowed bit block by one and plugging it in. XXXXX = 00010
10.00010000.00000000.00000000 - Network ID (Host bits equal zero)
10.00010111.11111111.11111111 - Broadcast Address (Host bits equal one)
10.00010000.00000000.00000001 - First IP (All zeros with a 1 in the right most bit)
10.00010111.11111111.11111110 - Last IP (All ones with a 0 in the right most bit)
255.11111000.00000000.00000000 - Subnet mask (All ones followed by all zeros, Not an IP address)
Convert each octet to decimal and you have the second network's information.
10.16.0.0 - Network ID
10.23.255.255 - Broadcast Address
10.16.0.1 - First IP
10.23.255.254 - Last IP
255.248.0.0 - Subnet mask
You may notice that if we keep going, each time we do it the network ID value will increase by 8. This is because the right most bit in the borrowed section represents 8. As we count up in binary we are counting up by 8s. So the next network ID would be 10.24.0.0 followed by 10.32.0.0. It turns out this pattern is consistent as you borrow bits. We can refer to this number as the magic number. Using the chart below we can see if we borrow 5 bits, our magic number is 8, and our subnet mask value is 248. Using this chart can help you solve subnetting problems without converting to binary.
That top row is the place values of binary numbers. The second row is the value of the entire octet if all bits are turned on up to that point starting at the left. So if we borrowed 5 bits it would be 11111000 or 248. The bottom row is the number of bits you borrow. Let's try a quick one. We're going to start with 172.16.0.0/16 and borrow 3 bits. Looking at the chart we can see our magic number is 32 and the mask will be 224.
We can use this information to solve the problem.
172.16.32.0 - Network ID
172.16.63.255 - Broadcast Address (The next network ID minus 1)
172.16.32.1 - First IP
172.63.254 - Last IP
255.255.224.0 - Subnet Mask
This method works well until you have to borrow more than 8 bits. If you borrow more than 8 bits then you need to shift over so you're working in the relevant octet. If we borrow 14 bits from 10.0.0.0/8 then you subtract 8 from 14 to shift over.
14-8 = 6 ------^
Using 6 as the number of bits borrowed we see 4 is our magic number. The process is the same but you have to remember you shifted over one octet.
10.0.4.0 - Network ID
10.0.7.255 - Broadcast Address (The next network ID minus 1)
10.0.4.1 - First IP
10.0.7.254 - Last IP
255.255.252.0 - Subnet Mask
Finding the next network is the same process, increase the network ID by your magic number.
10.0.8.0 - Network ID
10.0.11.255 - Broadcast Address (The next network ID minus 1)
10.0.8.1 - First IP
10.0.11.254 - Last IP
255.255.252.0 - Subnet Mask
Following the rules above will help you subnet your network, but how do you know how many bits to borrow? This will depend on your environment. You can use the following IP sheet to help you find the right size network. You can determine what class to use and how many bits to borrow based on how many networks you need and how many devices per network. If you need 10 networks with at least 200 network devices per network then a class c network won't work. Borrowing 4-8 bits would work on a class B network, and borrowing 4-16 bits would work on a class a network.
IP version 4 uses 32 bit addresses which gives us about 4.3 billion addresses. 232 = 4,294,967,296. When TCP/IP was first created this seemed like more than enough, but over time we've found it isn't. We've been able to extend the life of IPv4 by using our internal ranges, but this has only delayed the inevitable. On 9/24/15 the last North American IP address was handed out by the North American regional Internet registry.
In 1998 IPv6 became a ratified standard and as an industry we've been slowly switching to it. The advantage of IPv6 is the 128 bit address size. That's 2128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses! That's a really big number, let's examine what it means. As of this writing there are 7,125,000,000 people on the earth. If we split the IP addresses evenly across all people each person would get 47,758,928,690,658,029,959,771,874,727 addresses. That's 47 billion, billion, billion addresses per person. On average each person is made up of about 7,000,000,000,000,000,000,000,000,000 atoms. That works out to about 6 IP addresses per atom for all atoms making up every person in the world. We should be good for a little while.
Computers are very good at working with a long stream of 1's and 0's, but we are not. If we look at an IPv6 address in binary it doesn't mean much to us.
If we convert the stream of 1's and 0's to dotted decimal notation it would look like this.
That's still a big number to work with, so we don't actually display IPv6 IP addresses in dotted decimal notation. Instead we convert the IP into 16 bit chunks and convert each to hexadecimal. Hexadecimal is a base 16 system meaning a single character can represent 16 different values. Using hex we can represent 4 bits with a single character. The table below shows the bit patterns for each character.
If we take the 128 bit IP address and split it 16 bit chunks and convert each chunk to hex and separate them with colons we end up with the following address.
0010 0000 0000 0001 = 2001
0000 1101 1010 1000 = 0da8
1011 0000 1110 0111 = b0e7
0010 1100 0010 0111 = 2c27
0000 0000 0000 0000 = 0000
0000 0000 0000 0000 = 0000
0000 0000 0000 0000 = 0000
0000 0000 0000 0001 = 0001
That's still pretty long. There are still characters we can remove and still keep the value of the IP address. The first thing we'll do is leading zero suppression. This is where we remove redundant or unneeded zeros from the start of the number. 0da8 is the same thing is da8, and 0000 is the same as 0.
This address is looking much better, but there's still one step we can do to make it shorter. We can do zero compression. This is where we remove groupings that are all zeros keeping at most two colons. Below you'll see the shortest possible representation of the 128 bit IPv6 address.
Earlier we learned how IPv4 addresses are split into two parts, the network portion and the host portion. We learned how the subnet mask identifies which bits are network bits and which are host bits. An IPv6 is also split into two parts. By default the first 64 bits represent your network, and the next 64 bits represent your hosts. On a network with 64 host bits we still have a little over 2.5 billion IP addresses per person in the world.
If you have a network with 64 network bits then you can use StateLess Address AutoConfiguration (SLAAC) to assign your IP addresses to your device. SLAAC is how your device generates its own IP address. First your device will generate a link local address which can be used to talk to over devices on the same network. The link local address starts with fe80 and can't be used to leave your network. The host portion is generated using either your MAC address, or a random number generator. Before your device can use the link local address it verifies its uniqueness by making sure no one else is using it. Once you have a link local address your device will then send out a router solicitation attempting to find a way out of the network.
If there's a router on the network it will reply with the network portion of the IP address. If there's a DHCP server on the network the router will tell the client how to find it to get the rest of the IP information.
The client will use the network portion combined with its unique host portion to generate a unique routable IP address.
We're making the transition to IPv6 slowly. The two protocols are not compatible with each other, but we've created technologies that allows the two to talk. It's because of these technologies that we've been able to take our time with the transition to IPv6. We may not see the end of IPv4 in our lifetime.
Our operating systems have a few tools built in that help troubleshoot IP networks. One such tool is the PING (Packet InterNet Groper) command. With the PING command you send an ICMP (Internet Control Message Protocol) packet to a remote node. The packet is returned with a code that helps you troubleshoot.
Below is a successful ping of a server. You'll see the server name was used when pinging, the server name is converted to the IP address of the server.
The successful PING let's us know that we can send a signal to the destination and it will return. This is a sign that we have network connectivity between the two devices. Below we can see what happens when we try to ping a device by name, but the name can't be turned into an IP address. This tell us either there's a problem with the network, or we are unable to convert the name to an IP address.
If we PING a device by IP address and it doesn't exist we see the request timed out.
Another tool you can use is trace route. Trace route is used to trace the route a packet takes to get to the destination. Typically a packet will travel from the source to the destination without modification. We don't know any information about all the layer 3 devices we pass through on the way. Trace route will shed some light on the path by adjusting the value of the TTL in the packet header. The first packet will contain a TTL of 1. This will cause it to fail at the first router, the first router will return the ICMP information giving us information on the 1st hop. The process will repeat with a TTL of 2 to revel information on the second hop. The process will repeat until we get the the destination. This will allow us to see where our connection is slowing down as it travels from network to network.
The problem with both protocols is the ICMP protocol is blocked on many routers. So you may run into a situation where the tool doesn't do what you think it should.
This was a long lesson that covered a lot of material. At the end of this lesson we can complete our TCP/IP network model diagram. The Internetwork layer uses IP addresses in it's header creating a packet.