IP – The Internet Protocol

The Internet Protocol (or IP for short) is one of the most important protocols in the IETF’s Internet Protocol Suite (more commonly called TCP/IP, after two of the main protocols in the suite). TCP/IP is a collection of many network protocols used in most modern Local Area Networks (LANs), as well as the worldwide Internet. All incoming and outgoing traffic, regardless of application or transport protocol, must be processed by the Internet Protocol. Its design and capabilities heavily impact the capabilities of the overall network.

IP lives in the Internet Layer of the DoD Four Level architectural model (OSI Layer 3). The design of the other layers is largely independent of the internal details of the Internet Protocol, so the major changes from IPv4 to IPv6 have only minor impact on the design of the other layers. Most network applications developed for IPv4 require only minor changes (if any) to work over IPv6 (e.g. most web apps require no changes at all).

The main purpose of IP is to facilitate internetworking, which refers to exchanging packets between nodes in different subnets. It does this with packet delivery within a subnet, in combination with packet forwarding from one subnet to another via a gateway node (now more commonly called a router). If nodes alice-pc and bob-pc are in the same subnet (e.g. both in 172.20.0.0/16), alice-pc can send a packet directly to bob-pc over Ethernet. For simplicity in the following discussion, UDP over Ethernet is assumed. TCP is similar to UDP but has additional complexity in the Transport layer. Other Link Layer (OSI Layer 2) protocols (e.g. FDDI, ATM) are similar but may use a different type of Link Layer address.

Let’s say that Alice (on node alice-pc) sends a UDP datagram to Bob (on node bob-pc). The following steps happen:

1. Alice’s application running in the Application Layer (OSI Layers 5-7) on alice-pc first obtains the IP address(es) for bob-pc by making a DNS query (“hey DNS, what is the IP address for node bob-pc.bob-domain.com?”). DNS returns the IP address(es) registered for bob-pc to Alice. Then alice-pc sends a datagram (a block of up to 1500 bytes of data) to that IP address by calling the sendto function in the Socket API, specifying the source and destination IP addresses, as well as the source and destination port numbers. Node alice-pc uses its own IP address as the source address, and the IP address of bob-pc (from the DNS query) as the destination address. The protocol used determines the destination port (if the query was for DNS this would be port udp/53).

2. The Transport Layer (OSI Layer 4) on alice-pc prepends a UDP header to the data block which contains the source and destination port numbers, and passes that, together with the source and destination IP addresses down to the Internet Layer (OSI Layer 3).

3. The Internet Layer (OSI Layer 3) on alice-pc prepends an IP header to the data block (now including the transport layer header). The IP header contains the source and destination IP addresses and other information (e.g. hop limit, QoS information, etc.), creating an IP packet. It then passes this packet down to the underlying Link Layer (OSI Layer 2).

4. The Link Layer (OSI Layer 2) on alice-pc will check if the destination IP address is in its home link (subnet), by comparing the prefix (network address part) of the destination IP address with the prefix of the source IP address. If those match, it will use the packet IP destination address as the delivery address. If not (i.e. bob-pc is in a different subnet), it will use alice-pc’s default gateway IP address as the delivery address. It then uses address resolution to map the source IP address and delivery IP address in the packet to source and destination MAC addresses. It then wraps an Ethernet frame (an Ethernet header and trailer) around the packet using those MAC addresses. Finally, it writes that Ethernet frame (including the embedded IP packet) to the NIC (which actually transmits the frame over the wire, over OSI Layer 1). All nodes in the subnet will see that Ethernet frame. Most will ignore the packet since the destination MAC address does not match their own and is not a broadcast MAC address.

5. Bob’s application (perhaps a DNS server) has called the recvfrom function in the Socket API to accept incoming UDP packets on a particular port number (for a DNS server this would be port 53). The Link Layer (OSI Layer 2) on bob-pc will see the incoming Ethernet frame, recognize the Ethernet destination as its own MAC address, and accept the frame. It will remove the surrounding Ethernet header and trailer from the frame and pass the resulting IP packet to the Internet Layer.

6. Assuming bob-pc is in alice-pc’s subnet, the Internet Layer (OSI Layer 3) on bob-pc will recognize the destination IP address in the IP header as one of its own, and then do any other required processing of the IP header(s) and ICMP messages. For IP messages, it then strips the IP header(s) off and passes the resulting data block (including transport layer header) up to the Transport Layer (OSI Layer 4).

7. The Transport Layer (OSI Layer 4) on bob-pc will extract the source and destination ports from the UDP header, and remove the header. The application that is looking for incoming packets on port 53 will see new data arrive. The data block is returned to the application running on bob-pc up in the Application Layer (OSI Layers 5-7). That application can see the source IP address and port from which the packet was sent, if needed. It can also see the destination address and port should it need to (in IPv6 there might be several possible IP addresses that packets could be accepted for, and it might be significant which one the packet was addressed to).
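
Steps 2 to 7 above as an added Python example (not code from the original page): it builds the UDP, IPv4 and Ethernet headers by hand, picks the delivery address as in step 4, and unwraps the frame on the receiving side. The addresses, MAC values and neighbour table are constructed, and the Ethernet trailer (frame check sequence) is left out.

```python
import ipaddress, struct

# Constructed sample data: addresses, MACs and the neighbour table are made up.
ALICE = ipaddress.ip_interface("172.20.0.10/16")
GATEWAY = ipaddress.ip_address("172.20.0.1")
NEIGHBOURS = {"172.20.0.10": "02:00:00:00:00:0a", "172.20.0.20": "02:00:00:00:00:0b",
              "172.20.0.1": "02:00:00:00:00:01"}

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def checksum(data):
    # One's-complement sum of 16-bit words, as used by the IPv4 header checksum.
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def delivery_address(dst):
    # Step 4: on-link destinations are delivered directly, others via the gateway.
    return dst if dst in ALICE.network else GATEWAY

def encapsulate(payload, dst_ip, sport, dport):
    dst = ipaddress.ip_address(dst_ip)
    # Step 2: UDP header = source port, destination port, length, checksum (0 = not computed).
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Step 3: 20-byte IPv4 header; TTL 64, protocol 17 (UDP), checksum filled in afterwards.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ALICE.ip.packed, dst.packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    # Step 4: Ethernet header = destination MAC, source MAC, EtherType 0x0800 (IPv4).
    next_hop = delivery_address(dst)
    eth = mac(NEIGHBOURS[str(next_hop)]) + mac(NEIGHBOURS[str(ALICE.ip)]) + b"\x08\x00"
    return eth + hdr + udp

def decapsulate(frame, my_mac, my_ip):
    # Steps 5-7 on the receiver: check the MAC, then the IP header, then strip UDP.
    if frame[0:6] != mac(my_mac) or frame[12:14] != b"\x08\x00":
        return None  # not addressed to this NIC, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if checksum(ip[:ihl]) != 0 or ip[16:20] != ipaddress.ip_address(my_ip).packed:
        return None  # corrupt header, or destination IP is not one of ours
    sport, dport, length, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    src = str(ipaddress.ip_address(ip[12:16]))
    return src, sport, dport, ip[ihl + 8:ihl + length]
```

For an off-link destination such as 172.21.0.20, the frame carries the gateway's MAC address while the IP header still carries Bob's IP address.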

If bob-pc is in a different subnet (e.g. 172.21.0.0/16), the packet will actually be delivered to alice-pc’s default gateway node (a router). The delivered packet still contains Bob’s IP address as destination. A router will accept packets where the destination address does not match its own, so long as it has routing information concerning how to get the packet to the destination address. It does this by forwarding the packet to another interface, which is connected to a different subnet (one closer to bob-pc). It wraps the IP packet in a brand new Ethernet frame before sending it on its way. The router has its own default gateway, or it may use static or dynamic routing information to determine how to relay the packet towards bob-pc. Moving the packet from one interface to another on a router is called packet forwarding. Deciding which interface to send it to is called routing. A host (a node with only one network interface) cannot do packet forwarding. Only a node with two or more interfaces (connected to two different subnets, with packet forwarding enabled) can do this. Such a node is called a router.
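
The routing and forwarding behaviour described above, as an added Python example (not code from the original page). It goes slightly beyond the text by choosing the most specific matching route and by decrementing the hop limit on each forward; the Frame and Node classes, the topology and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Simplified model (assumption of this example): a frame is just its addresses.
@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    hop_limit: int

class Node:
    def __init__(self, interfaces, routes, neighbours, forwarding):
        self.interfaces = interfaces   # name -> (own MAC, own IP with prefix)
        self.neighbours = neighbours   # IP -> MAC (constructed address-resolution cache)
        self.forwarding = forwarding   # False on a host, True on a router
        self.routes = [(ipaddress.ip_network(n), gw, ifn) for n, gw, ifn in routes]

    def lookup(self, dst):
        # Routing: most specific matching prefix wins; 0.0.0.0/0 is the default gateway.
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None

    def receive(self, ifname, frame):
        own_mac, _ = self.interfaces[ifname]
        if frame.dst_mac != own_mac:
            return ("ignored", None)             # frame is for another NIC
        dst = ipaddress.ip_address(frame.dst_ip)
        if any(dst == ipaddress.ip_interface(ip).ip for _, ip in self.interfaces.values()):
            return ("local", None)               # pass up to the Transport Layer
        route = self.lookup(dst) if self.forwarding else None
        if route is None or frame.hop_limit <= 1:
            return ("dropped", None)             # host, no route, or hop limit exhausted
        _, gateway, out_if = route
        next_hop = gateway or frame.dst_ip       # directly connected: deliver to dst itself
        # Forwarding: same IP addresses, brand new frame for the outgoing link.
        out = replace(frame, src_mac=self.interfaces[out_if][0],
                      dst_mac=self.neighbours[next_hop], hop_limit=frame.hop_limit - 1)
        return (out_if, out)

# Constructed topology: router between 172.20.0.0/16 (eth0) and 172.21.0.0/16 (eth1).
ROUTER = Node(
    interfaces={"eth0": ("02:00:00:00:00:01", "172.20.0.1/16"),
                "eth1": ("02:00:00:00:01:01", "172.21.0.1/16")},
    routes=[("172.20.0.0/16", None, "eth0"), ("172.21.0.0/16", None, "eth1"),
            ("0.0.0.0/0", "172.21.0.254", "eth1")],
    neighbours={"172.21.0.20": "02:00:00:00:01:0b", "172.21.0.254": "02:00:00:00:01:fe"},
    forwarding=True)
```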