Computer Networks Flashcards - Lecture 3: ip and subnetting

What are the three key functions of the network layer?

(1) At sending host: encapsulates transport-layer segments into datagrams, (2) At routers: forwards datagrams based on destination addresses, (3) At receiving host: extracts segments and delivers to transport layer

What are the three main network layer protocols?

(1) IP Protocol - defines datagram format, addressing, packet handling, (2) ICMP Protocol - error reporting and router signaling, (3) Routing Protocols - OSPF (intra-domain), BGP (inter-domain)

What is an IP datagram?

An IP packet consisting of a header (typically 20 bytes, up to 60 with options) and a payload (usually a TCP or UDP segment)

What does the Version field (4 bits) in the IP header indicate?

Specifies the IP version: IPv4 = 4 (binary 0100), IPv6 = 6 (binary 0110); router checks this first to know how to process the packet

What does the Header Length field (4 bits) specify?

Length of IP header in 32-bit words; minimum value is 5 (20 bytes), maximum is 15 (60 bytes); variable because of optional fields

What is the range of the Total Length field (16 bits)?

20 bytes (header only) to 65,535 bytes maximum; however, most networks have smaller MTU (typically 1500 bytes for Ethernet)

What is MTU?

Maximum Transmission Unit - the largest packet size that can be transmitted on a link (typically 1500 bytes for Ethernet)

What is the purpose of the Identification field (16 bits)?

Unique number assigned by sending host to each datagram; all fragments of the same original datagram share this ID to allow reassembly at destination

What are the three flag bits in the IP header?

Bit 0: Reserved (always 0), Bit 1: DF (Don't Fragment) - 1 means don't fragment, Bit 2: MF (More Fragments) - 1 means more fragments follow

What is the Fragment Offset field used for?

Indicates the position of this fragment in the original datagram; measured in 8-byte blocks; allows receiver to reassemble fragments in correct order (range: 0 to 8191)

Example: Original datagram is 4000 bytes, MTU is 1500 bytes. How many fragments are created?

Three fragments: Fragment 1 (1500 bytes, offset 0), Fragment 2 (1500 bytes, offset 185), Fragment 3 (1060 bytes, offset 370, MF=0)

What is the purpose of the TTL (Time To Live) field?

Prevents packets from looping forever; initially set by source (typically 64 or 128), decremented by 1 at each router; when reaches 0, router discards packet and sends ICMP "Time Exceeded" message

What are typical initial TTL values?

Windows: 128, Linux/Mac: 64, Cisco routers: 255

What does the Protocol field (8 bits) identify?

Upper-layer protocol carried in payload: 1 = ICMP, 6 = TCP, 17 = UDP, 41 = IPv6, 89 = OSPF

What is the purpose of the Header Checksum field?

Error detection for header only (not payload); simple one's complement checksum; must be recalculated at each hop because TTL changes

Why does the IP header checksum only cover the header and not the payload?

Because payload is already protected by upper-layer protocols (TCP/UDP have their own checksums); this speeds up router processing

What is the typical overhead for TCP/IP?

IP header: 20 bytes, TCP header: 20 bytes, Total: 40 bytes (UDP header is only 8 bytes, so UDP+IP = 28 bytes)

What is an IP address?

A 32-bit identifier (in IPv4) that uniquely identifies an interface (not a device) on a network

Why are IP addresses assigned to interfaces, not devices?

Because routers typically have multiple interfaces (one per link) and hosts can have multiple interfaces (wired and wireless)

What is dotted-decimal notation?

Format for IP addresses: four decimal numbers (0-255) separated by dots, each representing 8 bits; Example: 192.168.1.100

How many total IPv4 addresses are possible?

2³² = 4,294,967,296 addresses (approximately 4.3 billion)

What are three special IP addresses?

0.0.0.0 (this network or unknown), 255.255.255.255 (broadcast to all hosts on local network), 127.0.0.1 (loopback - this computer)

What is a subnet?

A group of device interfaces that can physically reach each other without passing through an intervening router (same local network)

How do you identify subnets in a network?

Detach each interface from its host or router, create "islands" of isolated networks; each isolated network is a subnet

What are the two parts of an IP address structure?

(1) Subnet part (network prefix) - high-order bits, common to all devices in same subnet, (2) Host part - low-order bits, unique to each device within subnet

What is CIDR notation format?

a.b.c.d/x, where a.b.c.d is the IP address and /x is the number of bits in the subnet part (called "slash notation")

Example: 223.1.1.0/24. What are the subnet and host parts?

First 24 bits are subnet part (223.1.1), last 8 bits are host part; subnet mask is 255.255.255.0; number of usable hosts = 2⁸ - 2 = 254

Why subtract 2 when calculating usable host addresses?

Network address (all host bits 0) and broadcast address (all host bits 1) are reserved; Example: in 223.1.1.0/24, 223.1.1.0 is network address, 223.1.1.255 is broadcast

What were the three classes in classful addressing (before CIDR)?

Class A: first bit 0, /8 network (16M hosts), Class B: first bits 10, /16 network (65K hosts), Class C: first bits 110, /24 network (254 hosts)

What were the problems with classful addressing?

Wasteful (most organizations too big for Class C, too small for Class B), inflexible (couldn't create custom-sized networks), address exhaustion imminent

What is CIDR (Classless Inter-Domain Routing)?

Introduced in 1993, allows subnet portion to be arbitrary length (not just 8, 16, or 24 bits); format a.b.c.d/x where x can be any value 0-32

Example: 200.23.16.0/23. How many addresses?

23-bit subnet part leaves 9 bits for hosts; 2⁹ = 512 total addresses, 510 usable hosts

What are the three benefits of CIDR?

(1) Efficient address allocation - right-sized blocks, (2) Route aggregation - multiple networks in single routing entry, (3) Hierarchical allocation - matches network structure

What is route aggregation?

Multiple networks represented by a single routing entry; reduces routing table size dramatically and improves efficiency

Example: ISP has 200.23.16.0/20 and allocates eight /23 blocks. How many routing table entries needed with vs without aggregation?

Without aggregation: 8 entries (one per /23 block); With aggregation: 1 entry (the /20 block covers all eight /23 blocks)

What is the longest prefix matching rule?

When multiple forwarding table entries match a destination address, the router chooses the entry with the longest matching prefix (most specific route)

Example: Packet to 200.23.18.50 matches both 200.23.16.0/20 and 200.23.18.0/23. Which route is chosen?

200.23.18.0/23 because it has a longer prefix (23 bits vs 20 bits) - more specific route takes precedence

Why is longest prefix matching important?

Enables hierarchical routing, allows specific routes to override general routes, supports route aggregation while allowing exceptions

What is TCAM?

Ternary Content Addressable Memory - special hardware in routers for fast lookups; can search all entries in parallel in one clock cycle, independent of table size

What are the two methods for a host to obtain an IP address?

(1) Hard-coded (static) configuration - manually configured by administrator, (2) DHCP (Dynamic) - automatically obtained from DHCP server

When is static IP configuration used?

For servers (need stable addresses), routers and network equipment, printers and shared devices, critical infrastructure

What are the advantages of static IP configuration?

Predictable addresses, no dependency on DHCP server, works immediately on boot

What are the disadvantages of static IP configuration?

Manual effort for many devices, risk of address conflicts, must manually track assignments, must reconfigure if network changes

What is DHCP (Dynamic Host Configuration Protocol)?

Protocol that automatically assigns IP configuration to hosts joining a network; provides "plug-and-play" connectivity with no manual setup required

What configuration information can DHCP provide? (5 items)

(1) IP address, (2) Subnet mask, (3) Default gateway (first-hop router), (4) DNS server address(es), (5) Lease duration [Also: NTP server, domain name, WINS, boot server]

What are the four steps of the DHCP protocol?

(1) DHCP Discover - client broadcasts to find server, (2) DHCP Offer - server offers IP address, (3) DHCP Request - client accepts offer, (4) DHCP ACK - server confirms assignment

In DHCP Discover, what IP addresses does the client use?

Source IP: 0.0.0.0 (client has no IP yet), Destination IP: 255.255.255.255 (broadcast to entire subnet), Source Port: 68, Dest Port: 67

Why does DHCP Discover use source IP 0.0.0.0?

Because the client doesn't have an IP address yet; uses all zeros as a placeholder

Why does DHCP use broadcast (255.255.255.255) instead of unicast?

Client doesn't have an IP address yet and cannot receive unicast; broadcast reaches all devices including DHCP server

In DHCP Offer, what information does the server provide?

Offered IP address (yiaddr), lease time, server's own IP address, subnet mask, default gateway, DNS server, other configuration parameters

Why does the DHCP server broadcast its Offer response?

Client still doesn't have an IP address and can't receive unicast yet; client identifies the response by matching transaction ID

Can DHCP Discover and Offer steps be skipped?

Yes, if the client remembers and wishes to reuse a previously allocated address (RFC 2131), it can skip directly to DHCP Request

What information is included in the DHCP ACK message?

Confirms IP address assignment, includes subnet mask, default gateway, DNS server, lease time, and other configuration parameters

What is a typical DHCP lease duration?

Home networks: often 24 hours, Enterprise: may be weeks, Public Wi-Fi: often 1-2 hours

When does a DHCP client renew its lease?

Typically at 50% of lease time; if renewal fails, tries again at 87.5%; if still fails, must obtain new address

What happens when a DHCP lease expires?

Address returns to the pool and can be assigned to another client; enables efficient address usage for mobile devices

What are the DHCP port numbers?

Client uses port 68, Server uses port 67 (both UDP)

Describe the protocol stack encapsulation for DHCP Discover

DHCP message → UDP (ports 68→67) → IP (0.0.0.0 → 255.255.255.255) → Ethernet (broadcast MAC FF:FF:FF:FF:FF:FF) → Physical bits

How does a network obtain its subnet portion of IP addresses?

From their provider ISP, who subdivides their allocated address block and assigns portions to customers

Example: ISP has 200.23.16.0/20. How many /23 blocks can they create?

Eight /23 blocks (each with 512 addresses): 200.23.16.0/23, 200.23.18.0/23, 200.23.20.0/23, through 200.23.30.0/23

What is ICANN?

Internet Corporation for Assigned Names and Numbers - global authority for IP address allocation, DNS root zone management, and TLD delegation

What are the five Regional Internet Registries (RIRs)?

(1) ARIN - North America, (2) RIPE NCC - Europe/Middle East/Central Asia, (3) APNIC - Asia-Pacific, (4) LACNIC - Latin America/Caribbean, (5) AFRINIC - Africa

What is the IP address allocation flow hierarchy?

ICANN/IANA (global pool) → Regional RIRs → Large ISPs/National Registries → Smaller ISPs → Organizations → End Users

When did IPv4 addresses become exhausted?

2011 - ICANN allocated the last chunk of IPv4 addresses to RIRs; today IPv4 addresses are scarce and valuable ($20-50 per address)

What are the three solutions to IPv4 address exhaustion?

(1) NAT (Network Address Translation) - multiple devices share one public IP, (2) IPv6 - 128-bit addresses (3.4 × 10³⁸ addresses), (3) More efficient allocation - CIDR and reclaiming unused blocks

How many addresses does IPv6 provide?

2¹²⁸ ≈ 3.4 × 10³⁸ addresses (enough for every grain of sand on Earth to have an IP address)

What are the three RFC 1918 private address ranges?

(1) 10.0.0.0/8 (16.7M addresses - large orgs), (2) 172.16.0.0/12 (1M addresses - medium orgs), (3) 192.168.0.0/16 (65K addresses - home/small business)

What are the characteristics of private IP addresses?

Not routable on public Internet, can be used by anyone (no registration), must use NAT to communicate with Internet, locally unique only, reusable across different networks

Why can multiple networks use the same private IP addresses?

Because they're not routable on the public Internet and are separate networks; for example, every home network can use 192.168.1.0/24 without conflict

What is the IP header checksum algorithm?

Treat header as sequence of 16-bit words, sum all words, take one's complement of sum; receiver recalculates and discards packet if doesn't match

Why must the IP header checksum be recalculated at each router?

Because the TTL field changes at each hop (decremented by 1), so the checksum must be recomputed

What mechanism does traceroute use to discover the path?

Uses the TTL field: sends packets with incrementing TTL values (1, 2, 3…); each router decrements TTL and returns "time exceeded" when TTL reaches 0

Calculate: Packet of 100 bytes application data with TCP/IP headers. What is the efficiency?

Application data: 100 bytes, Headers: 40 bytes (20 IP + 20 TCP), Total: 140 bytes, Efficiency: 100/140 = 71%

Calculate: For 223.1.1.0/24, what are the network address, broadcast address, and usable range?

Network: 223.1.1.0, Broadcast: 223.1.1.255, Usable range: 223.1.1.1 through 223.1.1.254 (254 usable addresses)

What does Path MTU Discovery use?

The DF (Don't Fragment) flag; if packet too large for link, router drops it and sends ICMP error; sender reduces packet size until it fits entire path

Why is IPv6 deployment slow despite IPv4 exhaustion?

Requires infrastructure upgrades, backward compatibility challenges, NAT provides temporary solution, transition costs are highv