Gourt Home::Gourt :: IPv4
Internet Protocol version 4 is the fourth iteration of the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. IPv4 is the dominant network layer protocol on the internet and when ignoring its successor — IPv6 — it is the only protocol used on the internet.
It is described in IETF RFC 791 (September 1981) which obsoleted RFC 760 (January 1980). The United States Department of Defense also standardized it as MIL-STD-1777.
IPv4 is a data-oriented protocol to be used on a packet switched internetwork (e.g., Ethernet). It is a best effort protocol in that it doesn't guarantee delivery. It doesn't make any guarantees on the correctness of the data; it may result in duplicated packets and/or packets out-of-order. All of these things are addressed by an upper layer protocol (e.g., TCP, UDP).
The entire purpose of IP is to provide unique global computer addressing to ensure that two computers over the internet can uniquely identify one another.
Addressing
IPv4 uses 32-bit (4-byte) addresses, which limits the address space to 4,294,967,296 possible unique addresses. However, many are reserved for special purposes such as private networks (~18 million addresses) or multicast addresses (~1 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses and as the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable in the long run.
This limitation has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and is currently the only contender to replace IPv4.
Address representations
When writing IPv4 addresses in strings the most common notation is the dot-decimal notation. There are other notations based on the values of the octets of the IP address.For example, the IPv4 address for www.wikipedia.org is 207.142.131.235 in the dot-decimal notation which comprises four octets in decimal separated by periods. This is the base format used in the conversion in the following table:
| Notation | Value | Conversion from dot-decimal |
|---|---|---|
| Dot-decimal notation | 207.142.131.235 | N/A |
| Dotted Hexadecimal | 0xCF.0x8E.0x83.0xEB | Each octet is individually converted to hex |
| Dotted Octal | 0317.0216.0203.0353 | Each octet is individually converted into octal |
| Hexadecimal | 0xCF8E83EB | Concatenation of the octets from the dotted hexadecimal |
| Decimal | 3482223595 | The hexadecimal form converted to decimal |
| Octal | 031743501753 | The hexadecimal form converted to octal |
All/most of these formats should work in all browsers. Additionally, in dotted format, each octet can be of the different bases. For example, 207.0x8E.0203.235 is a valid (though unconventional) equivalent to the above addresses.
A final form is not really a notation since it is rarely written in an ASCII string notation. That form is a binary form of the hexadecimal notation in binary. This difference is merely the representational difference between the string "0xCF8E83EB" and the 32-bit integer value 0xCF8E83EB. This form is used in both the source and destination fields.
Allocation
Originally, the IP address was divided into two parts:- network id – first octet
- host id – last three octets
This created an upper limit of 256 networks and led to the creation of classful networks. Under classful networking, 5 classes were created (A, B, C, D, & E) with 3 created (A, B, & C) with different lengths of network number and rest fields to change the number of IPs in each range: few networks with lots of addresses and numerous networks with only a few addresses. Class D was for multicast addresses and class E is reserved.
Around 1993, the classful networks were replaced with a Classless Inter-Domain Routing (CIDR) scheme. CIDR's primary advantage is to allow subdivision of networks to let entities sub-allocate IPs (e.g., an ISP to a customer).
The actual assignment of an address is not arbitrary. The fundamental principle of routing is that address encodes information about a device's location within a network. This implies that an address assigned to one part of a network will not function in another part of the network. A hierarchical structure, created by CIDR and overseen by the Internet Assigned Numbers Authority (IANA) and its Regional Internet Registries (RIRs), manages the assignment of Internet address worldwide. Each RIR maintains a publicly searchable WHOIS database that provides information about IP address assignments; information from these databases plays a central role in numerous tools that attempt to locate IP addresses geographically.
| CIDR address block | Description | Reference |
|---|---|---|
| 0.0.0.0/8 | Current network (only valid as source address) | RFC 1700 |
| 10.0.0.0/8 | Private network | RFC 1918 |
| 14.0.0.0/8 | Public data network | RFC 1700 |
| 39.0.0.0/8 | Reserved | RFC 1797 |
| 127.0.0.0/8 | Localhost | RFC 1700 |
| 128.0.0.0/16 | Reserved | |
| 169.254.0.0/16 | Zeroconf | RFC 3927 |
| 172.16.0.0/12 | Private network | RFC 1918 |
| 191.255.0.0/16 | ||
| 192.0.0.0/24 | ||
| 192.0.2.0/24 | Test network | RFC 3330 |
| 192.88.99.0/24 | IPv6 to IPv4 relay | RFC 3068 |
| 192.168.0.0/16 | Private network | RFC 1918 |
| 198.18.0.0/15 | Network benchmark tests | RFC 2544 |
| 223.255.255.0/24 | Reserved | RFC 3330 |
| 224.0.0.0/4 | Multicasts (former Class D network) | RFC 3171 |
| 240.0.0.0/4 | Reserved (former Class E network) | RFC 1700 |
| 255.255.255.255 | Broadcast | |
Private networks
Of the 4+ billion addresses allowed in IPv4, three ranges of address are reserved for private networking use only. These ranges are not routable outside of private network and private machines cannot directly communicate with public networks. They can, however, do so through network address translation.The following are the three ranges reserved for private networks:
| Name | IP address range | number of IPs | classful description | largest CIDR block |
|---|---|---|---|---|
| 24-bit block | 10.0.0.0 – 10.255.255.255 | 16,777,215 | single class A | 10.0.0.0/8 |
| 20-bit block | 172.16.0.0 – 172.31.255.255 | 1,048,576 | 16 contiguous class Bs | 172.16.0.0/12 |
| 16-bit block | 192.168.0.0 – 192.168.255.255 | 65,535 | 256 contiguous class Cs | 192.168.0.0/16 |
Localhost
In addition to private networking, the IP range 127.0.0.0 – 127.255.255.255 (or 127.0.0.0/8 in CIDR notation) is reserved for localhost communication. Any address within this range should never appear on an actual network and any packet sent to this address does not leave the source computer, and will appear as an incoming packet on that computer (known as Loopback).
Resolving
The Internet is most publicly known not by IP addresses but by names (e.g., www.wikipedia.org, www.whitehouse.gov, www.freebsd.org, www.mit.edu). The routing of IP packets across the Internet is oblivious to such names. This requires translating (or resolving) names to IP address.
The Domain Name System (DNS) provides such a system to convert names to IP address(es) and IP addresses to names. Much like CIDR addressing, the DNS naming is also hierarchical and allows for subdelegation of name spaces to other DNS servers.
Exhaustion
A concern that has spanned decades to the 1980s is the exhaustion of available IP addresses. This was the driving factor in classful networks and then later in the creation of CIDR addressing.Today, there are several driving forces to the next address allocation solution:
- Mobile devices — laptop computers, PDAs, mobile phones
- Always-on devices — ADSL modems, cable modems
- Rapidly growing number of internet users
The most visible solution is to migrate to IPv6 since the address size jumps dramatically from 32-bit to 128-bit which would allow about 18 quintillion people their own set of 18 quintillion addresses (3.4e38 total addresses). However, migration has proved to be a challenge in itself, and total Internet adoption of IPv6 is unlikely to occur for many years.
Some things that can be done to mitigate the IPv4 address exhaustion are (not mutually exclusive):
- Network address translation (NAT)
- Use of private networks
- Dynamic Host Configuration Protocol (DHCP)
- Named based virtual hosting
- Tighter control by Regional Internet Registries on the allocation of addresses to Local Internet Registries
- Network renumbering to reclaim large blocks of address space allocated in the early days of the Internet
As of 2004, predictions for the exhaustion of the IPv4 address space range from 2016 (for unallocated pool exhaustion) to 2023 (for complete exhaustion of the address space). Historically, though, forward predictions for the date of address exhaustion have been unreliable; predictions from the late 1980s have not been borne out in practice.
Network address translation
One method to increase both address utilization and security is to use network address translation (NAT). By assigning one IP to a public machine as an internet gateway and using a private network for an organization's computers allows for considerable address savings. This also increases security by making all of the computers on a private network not directly accessible from the public network.
Virtual private networks
Since private address ranges are deliberately ignored by all public routers, it is not normally possible to connect two private networks (e.g., two branch offices) via the public Internet. Virtual private networks (VPNs) solve this problem.
VPNs work by inserting an IP packet (encapsulated packet) directly into the data field of another IP packet (encapsulating packet) and using a publicly routable address in the encapsulating packet. Once the VPN packet is routed across the public network and reaches the endpoint, the encapsulated packet is extracted and then transmitted on the private network just as if the two private networks were directly connected.
Optionally, the encapsulated packet can be encrypted to secure the data while over the public network (see VPN article for more details).
Address Resolution Protocol
Since IP is an upper layer protocol to the data link layer there arises a problem of when a computer with IP address A wants to communicate with IP address B. In order to send a packet from A to B, A needs to know the hardware address of B. This discovery is done through Address Resolution Protocol (ARP).
Reverse Address Resolution Protocol/DHCP
Unlike the situation outlined for ARP, the case arises when a computer knows its data link layer address but not its IP address. This is a common scenario in private networks and Digital Subscriber Line (DSL) connections when the IP address of the machines are irrelevant. This is usually the case for work stations but not servers.
RARP is an obsoleted method for answering this question: This is my hardware address, what is my IP address? RARP was replaced by BOOTP which, in turn, was replaced by Dynamic Host Configuration Protocol (DHCP).
In addition to sending the IP address, DHCP can also send the NTP server, DNS servers, and more.
Packet structure
An IP packet consists of two sections:
- header
- data
Header
The header consists of 13 fields, of which only 12 are required. The 13th field is optional (red background in table) and aptly named: options. The fields in the header are packed with the most significant byte first (big endian), and for the diagram and discussion, the most significant bits are considered to come first. The most significant bit is numbered 0, so the version field is actually found in the 4 most significant bits of the first byte, for example.| + | Bits 0 - 3 | 4 - 7 | 8 - 15 | 16 - 18 | 19 - 31 | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | Version | Header length | Type of Service (now DiffServ and ECN) | Total Length | ||||||||||||||||||||||||||||
| 32 | Identification | Flags | Fragment Offset | |||||||||||||||||||||||||||||
| 64 | Time to Live | Protocol | Header Checksum | |||||||||||||||||||||||||||||
| 96 | Source Address | |||||||||||||||||||||||||||||||
| 128 | Destination Address | |||||||||||||||||||||||||||||||
| 160 | Options | |||||||||||||||||||||||||||||||
| 160/192+ | Data | |||||||||||||||||||||||||||||||
- Version : The first header field in an IP packet is the 4-bit version field. For IPv4, this has a value of 4 (hence the name IPv4).
- Internet Header Length (IHL) : The second field is a 4-bit Internet Header Length (IHL) telling the number of 32-bit words in the header. Since an IPv4 header may contain a variable number of options, this field specifies the size of the header (this also coincides with the offset to the data). The minimum header size is 20 bytes, so the minimum value for this field is 5 (5×4 = 20 bytes). Being a 4-bit field the maximum length is 15 words or 60 bytes.
- Type of Service (ToS) : In RFC 791, the following 8 bits were allocated to a Type of Service (ToS) field:
- bits 0-2: precedence
- bit 3: 0 = Normal Delay, 1 = Low Delay
- bit 4: 0 = Normal Throughput, 1 = High Throughput
- bit 5: 0 = Normal Reliability, 1 = High Reliability
- bits 6-7: Reserved for future use
- This field is now used for DiffServ and ECN. The original intention was for a sending host to specify a preference for how the datagram would be handled as it made its way through an internetwork. For instance, one host could set its IPv4 datagrams' ToS field value to prefer low delay, while another might prefer high reliability. In practice, the ToS field has not been widely implemented. However, a great deal of experimental, research and deployment work has focused on how to make use of these eight bits. These bits have been redefined, most recently through DiffServ working group in the IETF and the Explicit Congestion Notification codepoints (see RFC 3168). New technologies are emerging that require real-time data streaming and therefore will make use of the ToS field. An example is Voice over IP (VoIP) that is used for interactive data voice exchange.
- Total Length : This field defines the entire datagram size, including header and data, in bytes. The minimum-length datagram is 20 bytes (20 bytes header + 0 bytes data) and the maximum is 65,535 — the maximum value of a 16-bit word. The minimum size datagram that any host is required to be able to handle is 576 bytes, but most modern hosts handle much larger packets. Sometimes subnetworks impose further restrictions on the size, in which case datagrams must be fragmented. Fragmentation is handled in either the host or packet switch in IPv4 (see #Fragmentation and reassembly).
- Identification : This field is an identification field and is primarily used for uniquely identifying fragments of an original IP datagram. Some experimental work has suggested using the ID field for other purposes, such as for adding packet-tracing information to datagrams in order to help trace back datagrams with spoofed source addresses.
- Flags : A 3-bit field follows and is used to control or identify fragments. They are (in order, from high order to low order):
- Reserved, must be zero
- Don't Fragment (DF)
- More Fragments (MF)
- If the DF flag is set and fragmentation is required to route the packet then the packet will be dropped. This can be used when sending packets to a host that does not have sufficient resources to handle fragmentation.
- When a packet is fragmented all fragments have the MF flag set except the last fragment, which does not have the MF flag set. The MF flag is also not set on packets that are not fragmented — clearly an unfragmented packet can be considered the last fragment.
- Fragment Offset : The fragment offset field is 13-bits long and allows a receiver to determine the place of a particular fragment in the original IP datagram, measured in units of 8-byte blocks. This method allows a maximum offset of 65,528 () which would exceed the maximum IP packet length of 65,535 with the header length counted with it. Therefore the 1st bit of the Fragment Offset is mostly unused and is, for an April 1st joke, proposed in RFC 3514 as the "Evil bit" header flag.
- Time To Live (TTL) : An 8-bit time to live (TTL) field helps prevent datagrams from persisting (e.g. going in circles) on an internetwork. Historically the TTL field limited a datagram's lifetime in seconds, but has come to be a hop count field. Each packet switch (or router) that a datagram crosses decrements the TTL field by one. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded. Typically, an ICMP message (specifically the time exceeded) is sent back to the sender that it has been discarded. The reception of these ICMP messages is at the heart of how traceroute works.
- Protocol : This field defines the protocol used in the data portion of the IP datagram. The Internet Assigned Numbers Authority maintains a list of Protocol numbers and were originally defined in RFC 790. Common protocols and their decimal values are shown below (see #Data).
- Header Checksum : The 16-bit checksum field is used for error-checking of the header. At each hop, the checksum of the header must be compared to the value of this field. If a header checksum is found to be mismatched, then the packet is discarded. Note that errors in the data field are up to the encapsulated protocol to handle — indeed, both UDP and TCP have checksum fields.
- Since the TTL field is decremented on each hop and fragmentation is possible at each hop then at each hop the checksum will have to be recomputed. The method used to compute the checksum is defined within RFC 791:
- The checksum field is the 16-bit one's complement of the one's complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero.
- In other words, all 16-bit words are summed together using one's complement (with the checksum field set to zero). The sum is then one's complemented. This final value is then inserted as the checksum field.
- Source address : An IP address is a group of 4 8-bit octets for a total of 32 bits. The value for this field is determined by taking the binary value of each octet and concatenating them together to make a single 32-bit value.
- For example, the address 10.9.8.7 (00001010.00001001.00001000.00000111 in binary) would be 00001010000010010000100000000111.
- This address is the address of the sender of the packet. Note that this address may not be the "true" sender of the packet due to network address translation. Instead, the source address will be translated by the NATing machine to its own address. Thus, reply packets sent by the receiver are routed to the NATing machine, which translates the destination address to the original sender's address.
- Destination address : Identical to the source address field but indicates the receiver of the packet.
- Options : Additional header fields (called options) may follow the destination address field, but these are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words). The list of options may be terminated with an EOL (End of Options List) option; this is only necessary if the end of the options would not otherwise coincide with the end of the header.
- The use of the LSSR and SSRR options (Loose and Strict Source and Record Route) is discouraged because they create security concerns; many routers block packets containing these options.
Data
The last field is not a part of the header and, consequently, not included in the checksum field. The contents of the data field are specified in the protocol header field and can be any one of the transport layer protocols.Some of the most commonly used protocols are listed below including their value used in the protocol field:
- 1: Internet Control Message Protocol (ICMP)
- 2: Internet Group Management Protocol (IGMP)
- 6: Transmission Control Protocol (TCP)
- 17: User Datagram Protocol (UDP)
- 89: Open Shortest Path First (OSPF)
- 132: Stream Control Transmission Protocol (SCTP)
See List of IPv4 protocol numbers for a complete list.
Fragmentation and reassembly
To make IPv4 more tolerant of different networks the concept of fragmentation was added so that, if necessary, a device could break up the data into smaller pieces. This is necessary when the maximum transmission unit (MTU) is smaller than the packet size.
For example, the maximum size of an IP packet is 65,535 bytes while the typical MTU for Ethernet is 1,500 bytes. Since the IP header consumes 20 bytes (without options) of the 1,500 bytes leaving 1,480 bytes of IP data per Ethernet frame (this leads to an MTU for IP of 1,480 bytes). Therefore, a 65,535-byte data payload would require 45 packets (65535/1480 = 44.28).
The reason fragmentation was chosen to occur at the IP layer is that IP is the first layer that connects hosts instead of machines. If fragmentation were performed on higher layers (TCP, UDP, etc.) then this would make fragmentation/reassembly be redundantly implemented (once per protocol); if fragmentation were performed on a lower layer (Ethernet, ATM, etc.) then this would require fragmentation/reassembly be performed on each hop (could be quite costly) and redundantly implemented (once per link layer protocol). So doing fragmentation at the IP layer is the most efficient layer for this to be done.
Fragmentation
When a device receives an IP packet it examines the destination address and determines the outgoing interface to use. This interface has an associated MTU that dictates the maximum data size for its payload. If the MTU is smaller than the data size then the device must fragment the data.The device then segments the data into segments where each segment is less-than-or-equal-to the MTU less the IP header size (20 bytes minimum; 60 bytes maximum). Each segment is then put into its own IP packet with the following changes:
- The total length field will be adjusted to the segment size
- The more fragments (MF) flag is set for all segments except the last one
- The fragment offset field is set accordingly based on the offset of the segment in the original data payload
For example, for an IP header of length 20 bytes and an Ethernet MTU of 1,500 bytes the fragment offsets would be: 0, 1480, 2960, 4440, 5920, etc.
By some chance if a packet changes link layer protocols or the MTU reduces then these fragments would be fragmented again.
For example, if a 4,500 byte data payload is inserted into an IP packet with no options (thus total length is 4,520 bytes) and is transmitted over a link with an MTU of 2,500 bytes then it will be broken up into two fragments:
| # | Total length | More fragments (MF) flag set? | Fragment offset | |
|---|---|---|---|---|
| Header | Data | |||
| 1 | 2500 | rowspan="2" align="center" | 0 | |
| 20 | 2480 | |||
| 2 | 2040 | rowspan="2" align="center" | 2480 | |
| 20 | 2020 | |||
Now, let's say the MTU drops to 1,500 bytes. Each fragment will individually be split up into two more fragments each:
| # | Total length | More fragments (MF) flag set? | Fragment offset | |
|---|---|---|---|---|
| Header | Data | |||
| 1 | 1500 | rowspan="2" align="center" | 0 | |
| 20 | 1480 | |||
| 2 | 1020 | rowspan="2" align="center" | 1480 | |
| 20 | 1000 | |||
| 3 | 1500 | rowspan="2" align="center" | 2480 | |
| 20 | 1480 | |||
| 4 | 560 | rowspan="2" align="center" | 3960 | |
| 20 | 540 | |||
Indeed, the amount of data has been preserved — 1480 + 1000 + 1480 + 540 = 4500 — and the last fragment offset plus data — 3960 + 540 = 4500 — is also the total length.
Note that fragments 3 & 4 were derived from the original fragment 2. When a device must fragment the last fragment then it must set the flag for all but the last fragment it creates (fragment 3 in this case).
Reassembly
When a receiver detects an IP packet where either of the following is true:- "more fragments" flag set
- "fragment offset" field is non-zero
then the receiver knows the packet is a fragment. The receiver then stores the data with the identification field, fragment offset, and the more fragments flag. When the receiver receives a fragment with the more fragments flag not set then it knows the length of the original data payload since the fragment offset plus the data length is equivalent to the original data payload size.
Using the example above, when the receiver receives fragment #4 the fragment offset (3960) and the data length (540) added together yield 4500 — the original data length.
Once it has all the fragments then it can reassemble the data in proper order (by using the fragment offsets) and pass it up the stack for further processing.
See also
- Classful network
- Classless Inter-Domain Routing
- Internet Assigned Numbers Authority
- IPv6
- List of assigned /8 IP address blocks
- List of IP protocol numbers
- Regional Internet Registry
External links
- RFC 791 - Internet Protocol
- http://www.iana.org – Internet Assigned Numbers Authority (IANA)
- http://www.ipnow.org – IPv4 and Other IP Address Formats Detector
Address exhaustion
- RIPE report on address consumption as of October 2003
- Official current state of IPv4 /8 allocations, as maintained by IANA
- Dynamically generated graphs of IPv4 address consumption with predictions of exhaustion dates
- Display your IP Address, Browser Information, and more
- Article on IPv4 Exhaustion - "Running Out of Time?"
- Internet RFC database and Internet RFCs in HTML format
- APNIC hot topics - IP addressing in China and the myth of address shortage
Internet protocols | Internet standards | Internet architecture
IPv4 | IPv4 | IPv4 | IPv4 | IPv4 | IPv4 | Internet Protocol Version 4 | IPv4 | IPv4 | IPv4 | Protocolo IP | IPv4 | IPv4 | IPv4 | IPv4 | IPv4
"IPv4"