Network Layer Flashcards
List all the headers of an IP packet.
An IP packet is 32 bits wide and 20 bytes long at max. It has the following fields:
- Source and destination address fields.
- Type of Service field: allows us to tell a router how the datagram should be treated in terms of speed and reliability.
- Version field: for IPv4, it is 4 (binary 0100).
- Header Length field: represents the total IPv4 Header Length
- Total Length field: a packet may be smaller than the minimum LAN packet size or larger than the maximum.
- Time-to-live (TTL) field: is decremented by 1 at each router. If it reaches 0, the packet is discarded. The TTL field is there to prevent routing loops.
- Protocol field: contains a value to identify the contents of the packet body — e.g., ICMP packet, IP-in-IP packet, TCP packet, etc.
- Header checksum field: is applied to the header only, not the body. Its purpose is to allow the discarding of packets with corrupted headers.
- RF flag: Reserved for later use
- DF flag: Don’t Fragment. If a destination is incapable of reassembling fragments, this bit is set to inform routers not to fragment.
- MF flag: More Fragments. All fragments except the last have this set.
Describe the Type of Service Field in the IP Header.
The Type of Service field allows us to tell a router how the datagram should be treated in terms of speed and reliability. There are 4 bits, indicating a packet to be treated in a particular way:
- Minimize delay
- Maximize throughput
- Maximize reliability
- Minimize cost
The Differentiated Services suite uses the DS flag to specify preferential handling for designated packets, e.g., packets involved in VoIP or other real-time protocols.
The ECN flag allows routers experiencing congestion to mark packets, thus indicating that the transmission rate should be reduced.
Describe ARP and its purpose.
Address Resolution Protocol (ARP) is a link-layer protocol that broadcasts a special frame (called an ARP request) on the local medium. ARP is only supposed to run on the local network because a different network might be of a different physical type.
ARP exists to solve the gap between the physical layer addresses and network layer addresses. ARP is not restricted to Ethernet and IP, but can be used to pair any physical and network layer addresses.
The ARP replies are kept in an ARP cache that times out and clears every 20 minutes.
What is the destination hardware address on an ARP Request broadcast?
ARP broadcasts an ARP Request in an Ethernet frame with destination hardware address ff:ff:ff:ff:ff:ff and its own Ethernet address as the source.
All hosts on the local network read the frame. The target host recognises the request for its IP address and sends an ARP Reply.
This ARP Reply, in an Ethernet frame, contains its own Ethernet address. It knows the source’s Ethernet address as read from the ARP request packet.
The source now gets the reply and reads out the target’s Ethernet address. It can now use that Ethernet address to send IP packets. Other hosts on the network don’t need to do anything.
What happens in ARP if the destination is not on the local network?
The solution is to send the packet to a gateway host and let it figure out where to send it next.
What happens in ARP if a machine is down after sending an ARP request?
After a few seconds and a few ARP requests, the OS returns an error message to the application trying to make the IP connection.
This error might be “no such host” or “host unreachable.”
Why is ARP insecure?
ARP is open to spoofing. Host A could send a gratuitous ARP reply containing its hardware address for host B.
The other machines on the local network would then send data destined for B towards A, thus allowing A to read B’s data and deny B any data.
Describe RARP and when it is usually seen to be used.
Reverse ARP solves the opposite problem of ARP: given a hardware address, it finds the IP address.
RARP is used when a diskless machine boots and wants to find its IP address on the home network. A device, such as a refrigerator, may make a RARP request when it boots to find its IP address.
RARP is simple but is limited by the fact that a hardware broadcast only goes to the local network and is not passed between networks.
The general solution to finding an IP address in multiple networks is using DHCP.
Describe ARP Bridging and explain how it is different from a Gateway.
ARP Bridging allows us to extend an Ethernet (or another network) over a physically larger distance than its specifications allow.
It allows joining a wireless network to a wired one, so they appear to be a single network. A bridge is a host that joins two physical networks into one.
ARP Bridging works well for joining a pair of networks, but is less suitable for larger collections of networks, particularly when there are multiple routes between hosts.
Describe Remote Bridging.
ARP Bridging is used to connect widely separated networks, e.g., over a WAN, so they appear as a single network. This is known as Remote Bridging.
Remote bridging is similar in principle to local bridging, but now such bridges must address the problems of how to encapsulate or convert link layers of the LAN and the WAN.
This is usually not a good idea for larger networks, as the number of ARP requests will increase. It also has to cope with the differences in speed and packet sizes of the two networks.
Describe Virtual Bridging.
Virtual Bridging allows more than one network to run traffic over a single physical network.
Virtual Bridging is normally engaged in switches and routers, rather than end hosts.
Describe how more than one network can run traffic over a single physical network.
Virtual Bridging allows this. A frame from LAN A to Switch A can be routed across the remote link to Switch B to LAN B.
Switch A places a Virtual Bridge Tag on the frame, containing a virtual LAN (VLAN) identifier. Switch B receives the tagged frame and sees which VLAN to route to. It removes the tag and passes the frame to LAN B.
What is the advantage that Virtual Bridge Tagging brings?
Virtual Bridge Tagging generalises more complicated virtual LANs and allows multiple networks to share the same infrastructure.
This can save a lot of money.
What is the difference between a Bridge and a Gateway?
- A bridge is always used to regenerate the signal and find the most efficient path to transmit the frame. A gateway is used to increase compatibility to establish communication between two networks using two different protocols.
- A bridge always operates on frames, and the gateway operates on packets.
- A bridge operates on the physical layer and data link layer, whereas a gateway can operate on all the layers of the OSI model.
What is a Gratuitous ARP?
A gratuitous ARP is an ARP reply when no one has asked. This is useful in specific scenarios, for example, if a new machine joins the network or an existing machine changes its IP address for some reason.
All machines on the network are free to read or reply to any ARP request and modify their ARP caches accordingly.
A gratuitous ARP also helps break old associations that are no longer valid but still cached.