Article Directory
Functions of the network layer
■Defines the logical address based on the IP protocol
■Connects to different media types
■Selects the best path for data to pass through the network
IP packet format
The TCP/IP protocol defines a packet that is transmitted on the Internet, called IP Datagram. This is a virtual packet that has nothing to do with hardware and consists of two parts: the header and the data. The first part of the header is a fixed length, A total of 20 bytes are required for all IP datagrams. After the fixed part of the header are some optional fields, the length of which is variable.
Fields in the fixed part of the IP datagram header
Version: occupies 4 digits and refers to the version of the IP protocol. The version of the IP protocol used by both parties must be the same. The version number of the IP protocol widely used recently is 4 (i.e. IPv4). IPv6 is still in its infancy.
Header length : occupies 4 bits, and the largest decimal value that can be represented is 15. Please note that the unit of the number represented by this field is 32-bit words (1 32-bit word length is 4 bytes), so when the IP header length When it is 1111 (that is, 15 in decimal), the length of the header reaches 60 bytes. When the length of the header of the IP packet is not an integral multiple of 4 bytes, it must be filled with the last padding field. Therefore, the data part is always 4 bytes It is more convenient to implement the IP protocol. The disadvantage of limiting the length of the header to 60 bytes is that it may not be enough. The purpose of this is to hope that the user will minimize the overhead. The most commonly used header length is 20 bytes ( That is, the length of the header is 0101), and no options are used at this time.
Service : It occupies 8 bits and is used to obtain better services. This field is called service type in the old standard, but it has not been used in fact. In 1998, the IETF renamed this field as Differentiated Services (DS). Only This field only works when using differentiated services.
Total length : The total length refers to the length of the capital and the sum of the data, in bytes. Because the total length field is 16 bits, the maximum length of the datagram is 216-1=65 535 bytes. Each in the IP layer Each data link layer has its own frame format, including the maximum length of the data field in the frame format, that is, the maximum transfer unit MTU (Maximum Transfer Unit). When a datagram is encapsulated into a link layer frame, this data The total length of the report (that is, the header plus the data part) must not exceed the MTU value of the data link layer below, otherwise it will be fragmented.
Identification (Identification): accounting for 16 .IP software counter is maintained in a memory, each data packet is generated, the counter is incremented, and the value assigned to this field but the identification "ID" is not the serial number, because the IP Yes. For connectionless services, there is no problem of sequential reception of datagrams. When a datagram must be fragmented because its length exceeds the MTU of the network, the value of this identification field is copied to the identification field of all datagrams. The same The value of the identification field enables each datagram after fragmentation to be correctly reassembled into the original datagram.
Flag (Flag):. Accounted for three, but only two meaningful field flag lowest level recorded as MF (More Fragment) .MF = 1 means that behind "There slice" datagram .MF = 0 Indicates that this is the last of several datagram fragments. The middle bit in the flag field is marked as DF (Don't Fragment), which means "cannot be fragmented". Fragmentation is allowed only when DF=0.
Slice offset : 13 bits. After the longer group is sliced, the relative position of a slice in the original group. That is, relative to the starting point of the user data field, where does the slice start. The slice offset is 8 The byte is the offset unit, which means that the length of each fragment must be an integer multiple of 8 bytes (64 bits).
Time to live : occupies 8 bits. The commonly used English abbreviation for the time to live field is TTL (Time To Live), which indicates the life of the datagram in the network. This field is set by the source of the datagram. The purpose is to prevent undeliverable Datagrams travel in circles on the Internet without restriction, thus consuming network resources in vain. The original design was based on seconds as the unit of TTL. Every time a router passes through, the TTL is subtracted from the period of time the datagram is consumed by the router. If the data If the time consumed by the router on the router is less than 1 second, the TTL value is reduced by 1. When the TTL value is 0, the datagram is discarded.
Protocol : occupies 8 bits. The protocol field indicates which protocol is used for the data carried in this datagram, so that the IP layer of the destination host knows which processing process should be handed over to the data part. For details, please see the note at the end of the article.
Header checksum : occupies 16 bits. This field only checks the header of the datagram, but does not include the data part. This is because every time the datagram passes through a router, the capital checksum must be recalculated (some fields, such as survival time, flag , Chip offset, etc. may change), not checking the data part can reduce the workload of calculation.
Source address : 32 bits.
Destination address : 32 bits.
Variable part of IP datagram header
The variable part of the IP header is an optional field. The option field is used to support troubleshooting, measurement, and security measures. The content is very rich. The length of this field is variable, ranging from 1 byte to 40 bytes. Depends on the selected item. Some option items only require 1 byte, which only includes 1 byte of option code. But some options require multiple bytes, and these options are spliced one by one, and there is no need to have any in between. Separator, and finally fill it with a padding field of all 0s to become an integer multiple of 4 bytes.
The variable part of the header is increased to increase the function of the IP datagram, but it also makes the length of the header of the IP datagram variable This increases the cost of processing datagrams for each router. In fact, these options are rarely used. The new IP version IPv6 makes the length of the IP datagram header fixed.
Currently, these options are defined as follows:
1. Security and processing restrictions (used in the military field);
2. Record the path (let each router write down its IP address);
3. Time Stamp (let each router write down the IP datagram) Pass through each router's IP address and local time);
4. Loose Source Route (specify a series of IP addresses that must be passed through for datagrams);
5. Strict Source Route (Similar to loose origin routing, but it is required to pass only these specified addresses and not other addresses).
These options are rarely used, and not all hosts and routers support these options.
ICMP protocol
1. ICMP protocol (Internet Control Message Protocol)
1) ICMP is an "error detection and feedback mechanism"
2) Encapsulated by IP data packets
3) Used to send error and control messages
2. Encapsulation of the ICMP protocol
1) ICMP belongs to the network layer protocol
2) The encapsulation process of ICMP data
3. Basic use of ICMP (Ping)
1) Basic format
of Ping command 2) Common parameters of Ping command in Windows system
| parameter | effect |
|---|---|
| -t | The parameters will always be pinged |
| -a | The parameter can display the host name (the other party hides the host name, it will not be displayed) |
| -l | Parameters can set the size of the ping packet |
| -n | Specify the number of packets sent |
| -s | Specify the source IP to ping |
*Supplement:
Ping command parameters under Linux system
| parameter | effect |
|---|---|
| -s | Parameters can set the size of the ping packet |
| -c | Specify the number of packets sent |
| -l (uppercase) | Specify the source IP to Ping |
4. Trace route path command
win: tracert IP/domain name
Linux: traceroute IP/domain name
ARP protocol
1. Broadcast and broadcast domains
Broadcast: a data frame with the broadcast address as the destination address.
Broadcast domain: the collection of all nodes in the network that can receive the same broadcast.
Broadcast address: FF-FF-FF-FF-FF-FF
2. Overview of ARP protocol
The basic function of ARP (Address Resolution Protocol) is to resolve a known IP address into a MAC address.
3. ARP working principle
1) When PC1 sends data to PC2, it will first check its own ARP cache table.
2) If the check is not in the ARP cache table, ARP will send a broadcast to find the MAC address of the destination. The ARP request includes the IP address and MAC address of PC1 and the IP address and MAC address of PC2 (in this case, the broadcast address FF-FF-FF-FF-FF-FF)
3) After the switch receives the broadcast, it will flood it. All hosts except PC1 send ARP request messages, PC3 and PC4 receive the information, compare the IP address and find that they are not themselves, discard the ARP request message; PC2 receives it, and finds that it is its own information, and sends it in the form of unicast ARP responds and caches the correspondence between PC1's IP address and MAC address in its own ARP table.
4) After PC2's ARP responds to PC1, PC1 adds the correspondence between PC2's IP address and MAC address in its own ARP table. After that, PC1 and PC2 communicate in unicast mode.
Related ARP commands in windows system
arp-a: View ARP cache table
arp-d: Clear ARP cache
arp-s: ARP binding in
router
View: display arp all
arp static ip + mac
reset arp static Reset static ARP