Introduction to IP

IP stands for Internet Protocol. IP version 4 was specified in RFC 791, “Internet Protocol” in September 1981. The IPv4 we use today has not changed in any important respect since 1981. RFC 791 is one of the oldest standards still in use anywhere in computing. IP version 6 was originally specified in a set of 5 RFCs, in December 1995 (starting with RFC 1883). It was later updated with RFC 2460 in December 1998. It is currently specified in RFC 8200, “Internet Protocol , Version 6 (IPv6) Specification”, July 2017.

The Internet Protocol (or IP for short) is one of the most important protocols in the IETF’s Internet Protocol Suite (more commonly called TCP/IP, after two of the main protocols in the suite). TCP/IP is a collection of many network protocols used in most modern Local Area Networks (LANs), as well as the worldwide Internet. All incoming and outgoing traffic, regardless of application or transport protocol, must be processed by the Internet Protocol. Its design and capabilities heavily impact the capabilities of the overall network. IP lives in the Internet Layer of the DoD Four Level architectural model (OSI L3). The design of the other layers is largely independent of the internal details of IP, so the major changes from IPv4 to IPv6 have only minor impact on the design of the other layers. Most network applications developed for IPv4 require only minor changes (if any) to work over IPv6 (e.g. most web apps require no changes at all).

The main purpose of IP is to facilitate internetworking, which refers to exchanging packets between nodes in different subnets. It does this with packet delivery within a subnet, in combination with packet forwarding from one subnet to another via a gateway node (now more commonly called a router). If nodes alice-pc and bob-pc are in the same subnet (e.g. both in, alice-pc can send a packet directly to bob-pc over Ethernet. For simplicity in the following discussion, UDP over Ethernet is assumed. TCP is similar to UDP but has additional complexity in the Transport layer. Other Link Layer (L2) protocols (e.g. FDDI, ATM) are similar but may use a different type of Link Layer address.Let’s say that Alice (on node alice-pc) sends a UDP datagram to Bob (on node bob-pc). The following steps happen:

1. Alice’s application running in the Application Layer (L7-5) on alice-pc first obtains the IP address(es) for bob-pc by making a DNS query (“hey DNS, what is the IP address for node”). Then alice-pc sends a datagram (a block of up to 1500 bytes of data) to that IP address by calling the sendto function in the Socket API, specifying the source and destination IP addresses, as well as the source and destination port numbers. Node alice-pc uses its own IP address as the source address, and the IP address of bob-pc (from the DNS query) as the destination address. The protocol used determines the destination port (if the query was for DNS this would be port udp/53).

 2. The Transport Layer (L4) on alice-pc prepends a UDP header to the data block which contains the source and destination port numbers, and passes that, together with the source and destination IP addresses down to the Internet Layer (L3).

3. The Internet Layer (L3) on alice-pc prepends an IP header to the data block (now including the transport layer header). The IP header contains the source and destination IP addresses and other information (e.g. hop limit, QoS information, etc), creating an IP packet. It then passes this packet down to the underlying Link Layer (L2).

4. The Link Layer (L2) on alice-pc will check if the destination IP address is in its home link (subnet), by comparing the prefix (network address part) of the destination IP address with the prefix of the source IP address. If those match, it will use the packet IP destination address as the delivery address. If not (i.e. bob-pc is in a different subnet), it will use alice-pc’s default gateway IP address as the delivery address. It then uses address resolution to map the source IP address and delivery IP address in the packet to source and destination MAC addresses. It then wraps an Ethernet frame (an Ethernet header and trailer) around the packet using those MAC addresses. Finally, it writes that Ethernet frame (including the embedded IP packet) to the NIC (which actually transmits the frame over the wire). All nodes in the subnet will see that Ethernet frame. Most will discard the packet since the destination MAC address does not match their own.

5. Bob’s application (perhaps a DNS server) has called the receivefrom socket API entry point to accept incoming UDP packets on a particular port number (for a DNS server this would be port 53). The Link Layer (L2) on bob-pc will see the incoming Ethernet frame, recognize the Ethernet destination as its own MAC address, and accept the frame. It will remove the surrounding Ethernet header and trailer from the frame and pass the resulting IP packet to the Internet Layer.

6. Assuming bob-pc is in alice-pc’s subnet, the Internet Layer (L3) on bob-pc will recognize the destination IP address in the IP header as one of its own, and then do any other required processing of the IP header(s) and ICMP messages. For IP messages, it then strips the IP header(s) off and passes the resulting data block (including transport layer header) up to the Transport Layer (L4).7. The Transport Layer (L4) on bob-pc will extract the source and destination ports from the UDP header, and remove the header. The application that is looking for incoming packets on port 53 will see new data arrive. The data block is returned to the application running on bob-pc up in the Application Layer (L7-5).

That application can see the source IP address and port from which the packet was sent, if needed. It can also see the destination address and port should it need to (in IPv6 there might be several possible IP addresses that packets could be accepted for, and it might be significant which one the packet was addressed to).If bob-pc is in a different subnet (e.g., the packet will actually be delivered to alice-pc’s default gateway node (a router). The delivered packet still contains Bob’s IP address as destination.

A router will accept packets where the destination address does not match its own, so long as it has routing information concerning how to get the packet to the destination address. It does this by forwarding the packet to another interface, which is connected to a different subnet (hopefully one closer to bob-pc). It wraps the IP packet in a brand new Ethernet frame before sending it on its way. The default gateway itself has its own default gateway, or it may use static or dynamic routing information to determine how to relay the packet towards bob-pc. Moving the packet from one interface to another on a router is called packet forwarding. Deciding which interface to send it to is called routing.

host (a node with only one network interface) cannot do packet forwarding. Only a node with two or more interfaces (connected to two different subnets, with packet forwarding enabled) can do this. Such a node is called a router.


To summarize, both versions of the Internet Protocol live in the Internet Layer (L3). They work with IP addresses (32 bit addresses for IPv4 and 128 bit addresses for IPv6). Both IPv4 and IPv6 addresses get mapped onto Link Layer (L2) addresses (48 bit MAC addresses in the case of Ethernet), for delivery within a single subnet (either directly to the destination node, or to the subnet gateway node if the destination node is not on-link). Both IPv4 and IPv6 are concerned with internetworking, which is getting packets from one node to another, even if the two nodes are not in the same subnet. They both prepend IP headers to outgoing blocks of data, and process and remove them from incoming packets. Both versions have a “helper protocol” (ICMPv4 for IPv4 and ICMPv6 for IPv6).

If you like this site, check out (on crypto and PKI) - also free!