Internet Protocol IPv4

basic introduction

Internet Protocol IP is one of the two important protocols in the TCP/IP system. Although IPv4 will eventually be replaced by IPv6, it is still the most important Internet protocol currently in use. There are 3 protocols used in conjunction with IP:

  • Address Resolution Protocol ARP (Address Resolution Protocol)
  • Internet Control Message Protocol ICMP (Internet Control Message Protocol)
  • Internet Group Management Protocol IGMP (Internet Group Management Protocol)

Internet Protocol IP and its supporting protocols


Classified IP address

 Main features of IPv4 protocol

  • The IPv4 protocol provides a connectionless packet transmission service. It does not guarantee the quality of service (that is, it does not guarantee the possible errors, losses, duplications, and out-of-order phenomena of the transmitted packets).
  • The IPv4 protocol is a point-to-point network layer communication protocol.
  • The Pv4 protocol shields the transport layer from differences in physical networks. The network layer uses the IP protocol to provide unified IP packets to the transport layer, which facilitates the interconnection of various heterogeneous networks.  

 IP addresses and their assignments

  • Think of the entire Internet as a single, abstract network. The IP address is to assign a unique identifier (32 bits in length) worldwide to each host (or router) connected to the Internet.
  • P addresses are assigned by the Internet Corporation for Assigned Names and Numbers (ICANN).

 How IP addresses are addressed

IP addressing goes through two stages:

  • Classify IP addresses. This is the most basic addressing method, and a corresponding standard protocol was adopted in 1981. Based on the problems existing in classified IP addresses, the concepts of subnet division and variable-length subnet division were proposed in 1985. This is an improvement over the most basic classification addressing method.
  • Unclassified IP address. In 1993, a new classification addressing method was proposed and has been promoted and applied.

The so-called "classified IP address" is to divide the IP address into several fixed categories. Each type of address consists of two fixed-length fields. One of the fields is the network number net-id, which identifies a certain host (or router). The connected network number; the other field is the host number host-id, which marks the number of the host (or router) in this type of network. nThe IP address of this two-level structure can be recorded as: IP address::= {<network number>, <host number>}   

Among them, ::= represents "defined as"

 IPv4 address format

 Representation of IP address - dotted decimal notation  

Identify IP address categories

If an address in binary notation is given, the first few digits are used to indicate the type of address.

  • A, 0 0000001 00001011 00001011 11101111 A category
  • B. 110 00001 10000011 00011011 11111111 Class C
  • C. 10 100111 11011011 10001011 01101111 Class B
  • D. 11110 011 10011011 11111011 00001111 Class E

 If the address is expressed in dotted decimal notation, the address type is determined according to the decimal number represented by the first byte: Class A is 0~127, Class B is 128~191, Class C is 192~223, and Class D is 224~239, Class E is 240~255.

  • A. Class D
  • B. Class C
  • C. Class A
  • D. Class E
  • E. Class B

 special IP address

  • A network number of all 0s refers to this network.
  • If the network number and host number are all 1, the network will be broadcast (the router will not forward it).
  • Class A network address 127 is a reserved address used for local software loopback testing.
  • A host number of all 1s means broadcasting to all hosts with this network number.




Maximum number of networks

first assignable network number

Last assignable network number

The maximum number of hosts that can be in each network

Approximately % of the entire address space



















Some important characteristics of IP addresses

  • IP address is a hierarchical address structure. It does not reflect any information about the geographical location of the host (or router). Each IP address consists of two parts: a network number and a host number. The advantage of this address structure is that the P address management agency only allocates the network number (first level) when allocating IP addresses, and the remaining host number (second level) is allocated by the unit that obtains the network number. This facilitates IP address management. The router only forwards packets based on the network number to which the destination host is connected (without considering the destination host number). This can significantly reduce the number of items in the routing table, thereby reducing the storage space occupied by the routing table.
  •  An IP address specifies a host (or router) and the interface of a link. When a host is connected to two networks at the same time, the host must have two corresponding IP addresses at the same time, and its network number net-id must be different. This kind of host is called a multihomed host. Since a router should be connected to at least two networks, a router should also have at least two different IP addresses.
  • All networks assigned a network number net-id, whether it is a small local area network or a wide area network that may cover a large geographical area, have equal status.
  • According to the Internet's perspective, a network is a collection of hosts with the same network number. Several LANs connected by repeaters or bridges are still one network because these LANs all have the same network number net-id.


The composition of third-level IP addresses

The original IP address design was not reasonable enough, mainly reflected in:

  • There is a lot of waste in the use of IP addresses, and the utilization rate of the address space is very low. For example, the number of hosts allowed by 10BASE-T is 1024, but a Class B address must be applied for, so 64510 addresses are wasted, and the address space utilization is only 1.56%.
  • Two-level IP addresses are not flexible enough. A certain unit has requirements for dividing its network by departments, but there is no provision in this regard in the two-level IP address structure.
  • The method of assigning a network number based on the physical network will lead to more and more entries in the routing table, which is not easy to improve network performance.

 Since 1985, a "subnet number field" has been added to the IP address format, changing the IP address structure from a two-level structure to a three-level structure. This practice is called subnetting.

Basic ideas for dividing subnets

  • The division of subnets is purely an internal matter within the organization and is completely transparent to networks outside the organization.
  • The method of dividing the subnet is to use the first few bits of the host number field as the subnet number field, then the IP address ∷={<network number>, <subnet number>, <host number>}       
  • All IP datagrams sent from other networks to a host in the unit's network are still sent to the router connected to the unit's network according to the destination network number of the IP datagram. After receiving the IP datagram, the router finds the destination subnet based on the destination network number net-id and subnet number subnet-id. Finally, the IP datagram is delivered directly to the destination host.

Example: An unsubnetted Class B network

After being divided into three subnets, it is still one network to the outside world.

 subnet mask

  • Since neither the IP address itself nor the header of the datagram contains any information about subnet division, it is impossible to determine from the header of an IP datagram whether the network to which the source host or destination host is connected has been divided into subnets.
  • How to know the division of subnets? The concept of subnet mask is used to divide subnets. You can easily find the subnet part of an IP address using a subnet mask.

The TCP/IP system stipulates that the subnet mask is a 32-bit binary number, consisting of a series of consecutive "1"s followed by a series of consecutive "0"s. Among them, "1" corresponds to the network number and subnet number fields of the IP address, and "0" corresponds to the host number field of the IP address.

 The subnet mask uses dotted decimal notation (, or network prefix (or slash) notation (

 The relationship between the fields of the IP address and the subnet mask

(IP address) AND (subnet mask) = network address 

The subnet mask is an important attribute of a network or a subnet. Internet standards state that all networks must have a subnet mask, which is included in the routing table.

The concept of subnetting also applies to unsubnetted situations. Networks that are not subneted can use the default subnet mask. Using a subnet mask simplifies the router's routing algorithm.

Default subnet mask for Class A, B, and C IP addresses

Pros and Cons of Subnetting

  • Pros - Increased flexibility.
  • Disadvantage - Reduces the total number of hosts that can be connected to the network. For example, a Class B address can connect to up to 65,534 hosts. However, after being divided into 4 subnets, the actual number of connected hosts is 32,764. This is because [RFC950] stipulates that the subnet number cannot be all 0s or all 1s.

variable length subnet

The original purpose of subnetting is to divide a class-based network into several subnets of the same size. In fact, creating subnets of different sizes can avoid wasting IP addresses. The division of subnets of different sizes is called variable length subnet division.

Variable-length subnetting is a technique that uses subnet masks of different lengths to allocate subnet number fields. It uses different subnet masks to further divide the divided subnets into networks of different sizes, thereby improving the utilization of IP address resources.

Example of variable length subnetting

A network with a Class B IP address of needs to be configured as one subnet that can accommodate 32,000 hosts, 15 subnets that can accommodate 2,000 hosts, and 8 subnets that can accommodate 254 hosts.

Unclassified addressing 

The concept of subnets alleviates the conflicts caused by the original unreasonable design of IP addresses, and the concept of variable-length subnets also meets the needs of users for the actual use of IP addresses. However, these measures have not fundamentally alleviated the difficulties encountered in the development process of the Internet.

In 1992, the Internet faced three urgent problems that needed to be solved: ① Class B addresses had been allocated more than half in 1992. ②The number of items in the routing table on the Internet backbone network increases dramatically. ③In February 2011, IANA announced that IPv4 addresses had been exhausted.

Based on VLSM, the IETF has developed a classless addressing method to solve the above problems. The official name of the classless addressing method is CIDR (Classless Inter-Domain Routing), and its new document is RFC 4632

The main design ideas of CIDR

CIDR cancels the previous concepts of classifying IP addresses and dividing subnets, and uses "network prefixes (network-pfefix)" of various lengths to replace the network numbers and subnet numbers in classified addresses.

            IP address ∷={<network prefix>, <host number>}

 CIDR combines consecutive IP address blocks with the same network prefix into "CIDR address blocks". A CIDR address block can be represented by its starting address and the number of addresses in the block. For example, represents an address in a certain CIDR address block.

 Representation of unclassified addressing

CDIR uses network prefix notation (or slash notation), that is, adding a slash "/" and a number after the IP address. This number is the number of digits in the network prefix, such as, which represents the IP address. The first 20 digits are the network prefix.

CIDR also uses several other representations. One is to omit the consecutive "0"s in the low digits of the dotted decimal system, such as, which can be expressed as 20/10. The other is to add an asterisk "*" after the network prefix, such as 00010100 00*, where the asterisk is before the network prefix, and the asterisk represents the host number in the IP address.

CIDR address block example

  • means that in this 32-bit IP address, the first 20 digits are the network prefix and the last 12 digits are the host number. Each address block has a total of 212 addresses, and its starting address is
  • When there is no need to point out the starting address of the address block, such an address block can also be referred to as the "/20 address block" for short.
  • The minimum address of the address block is:, and the maximum address is:
  • Host number addresses with all 0s and all 1s are generally not used.

The address block contains 212 addresses

 route aggregation

A CIDR address block can contain many addresses, and routing table entries can also be represented by address blocks. This kind of address aggregation is called route aggregation. Route aggregation not only helps to shorten the routing table, but also reduces the time to look up the routing table, thereby improving the performance of the Internet. Route aggregation is also called supernetting.

Although CIDR does not use the concept of subnet, it still uses the term "mask" (just not called a subnet mask). For example, for the /20 address block, its mask is 20 consecutive ones. The number in slash notation is the number of 1's in the mask.

 Build a supernet

In the "number of addresses included", all 0 and all 1 addresses are included. K in the table represents 210 (i.e. 1024). Addresses with network prefixes less than 13 or greater than 27 are less commonly used. The number of addresses in the CIDR address block must be an integer power of 2.

  • CIDR address blocks with a prefix length of no more than 23 bits contain the equivalent of multiple Class C addresses. Together, these Class C addresses form a supernet.
  • The shorter the network prefix, the greater the number of addresses its address block contains. In the three-level IP address structure, subnet division makes the network prefix longer.
  • Using CIDR to build a supernet must be supported by relevant routers and their protocols.

The biggest benefit of using CIDR address blocks

  • IPv4 address space can be allocated more efficiently. For example, an organization needs 900 IP addresses. When CIDR is not used, the ISP can assign the unit one Class B address or four Class C addresses. But using CIDR, the ISP can assign the unit an address block, which contains 1024 IP addresses, equivalent to 4 consecutive /24 address blocks.
  • Address blocks can be allocated according to the geographical location of the network, which can greatly reduce the space occupied by the routing table, that is, reduce the number of entries in the routing table.

Address interpretation and address translation

 The difference between IP address and hardware address

Example: Use two routers to interconnect three LANs

 The communication path is: H1 → forwarded by R1 → forwarded by R2 → H2

Looking at the flow of data from the protocol stack level


Looking at the flow of IP datagrams from the virtual IP layer

Watch the flow of MAC frames on the link

 Only IP datagrams are visible on the Internet where the IP layer is abstracted. IP1 → IP2 in the figure means from the source address IP1 to the destination address IP2. The IP addresses of the two routers do not appear in the header of the IP datagram.

  • Although there is the IP address of the source station in the header of the IP datagram, the router only performs routing selection based on the network number of the IP address of the destination station.  
  • At the link layer of a specific physical network, only MAC frames can be seen, but IP datagrams (which are encapsulated in MAC frames) cannot be seen. During the transmission process of the MAC frame, the hardware address HAx filled in the header is different.
  • Although the hardware address systems of interconnected networks vary, the abstraction of the Internet at the IP level shields the very complex details of the lower layers. Discussing the problem at the abstract network level allows us to study host-to-host or host-to-router communication using uniform, abstract IP addresses.  

Address Resolution Protocol ARP

No matter what protocol is used at the network layer, when transmitting data frames on the link of the actual network, the hardware address is ultimately used.

There is no simple mapping between IP addresses (32 bits) and hardware addresses (48 bits). The ARP protocol solves the mapping between IP addresses and physical addresses, while the RARP protocol solves the mapping between physical addresses and IP addresses.

Each host is equipped with an ARP cache (cache), which stores the mapping table from the IP address to the hardware address of each host and router on the local area network.

When host A wants to send an IP datagram to a host B on the local area network, it first checks whether there is the IP address of host B in its ARP cache. If so, the corresponding hardware address is obtained, the hardware address is written into the MAC frame, and then the MAC frame is sent to the hardware address through the LAN. Otherwise the host runs the ARP protocol.

ARP cache

  • The purpose of caching is to reduce the amount of traffic on the network. If the cache is not used, any host on the network needs to send ARP request packets in broadcast mode to communicate, which will greatly increase the traffic on the network. Using cache, the obtained address mapping can be stored for later use.
  • ARP sets a survival time (such as 10 minutes) for the "IP address-hardware address" mapping table stored in the cache. Entries that exceed the survival time will be deleted. Deleted table entries are re-established without principle, and must also go through the process of finding the hardware address of the destination host as described above.

ARP solves the mapping problem between the IP address and the hardware address of the host (or router) on the same LAN. As long as a host or router communicates with another host or router with a known IP address on the network, the ARP protocol will automatically resolve the IP address to the hardware address required by the link layer.

If the destination host and the source host you are looking for are not on the same LAN, then you need to find the hardware address of a router on the local area network through ARP, and then send the packet to the router, and let the router forward the packet to the next server. a network. The next network does the rest.

The resolution from the IP address to the hardware address is performed automatically, and this address resolution process is transparent to the user.

Four typical situations when using ARP

  • The sender is a host that wants to send an IP datagram to another host on this network. At this time, use ARP to find the hardware address of the destination host.
  • The sender is a host that wants to send an IP datagram to a host on another network. At this time, use ARP to find the hardware address of a router on this network. The router does the rest.
  • The sender is a router that forwards the IP datagram to a host on this network. At this time, use ARP to find the hardware address of the destination host.
  • The sender is a router that forwards the IP datagram to a host on another network. At this time, use ARP to find the hardware address of another router on the network. The router does the rest.  

 Why not just use the hardware address for communication?

  • Since there are various networks around the world, they use different hardware addresses. To enable these heterogeneous networks to communicate with each other, very complex hardware address translation must be performed, which is almost impossible.
  • IP addressing solves this complex problem. All hosts connected to the Internet have a unified IP address, and communication between them is as simple and convenient as if they were connected to the same network, because calling ARP to find the hardware address of a router or host is automatically performed by computer software. , this calling process is invisible to the user. 

Virtual Private NetworkVPN

Due to the shortage of IP addresses, the number of IP addresses an organization can apply for is often far less than the number of hosts owned by the organization.

Considering that Internet security is not very good, there is no need to connect all hosts in an organization to the external Internet.

Therefore, there is an idea: assuming that computer communication within an organization also uses the TCP/IP protocol, then in principle, these computers that are only used within the organization can be assigned their own IP addresses by the organization.

Two kinds of addresses

  • Local address - an IP address used only within the organization, which can be assigned by the organization itself without having to apply to the Internet management agency.
  • Global address - a unique IP address in the world, which must be applied to the Internet management agency.

Problem: The local address used internally may overlap with an IP address on the Internet, resulting in address ambiguity.

Solution: RFC1918 specifies some private addresses. Private addresses can only be used as local addresses and not as global addresses. All routers in the Internet will not forward datagrams whose destination address is a private address. Three private address blocks, namely the partial Class A, B and C private address blocks reserved by ICANN.

  • Class A:;
  • Category B:;
  • Class C:

 A private network using this kind of dedicated IP address is called a pseudo-private network VPN. Virtual Private Network VPN is a functional network built on the basic network. It provides users with the functions of a general private network, but it is not an independent physical network itself. Instead, it is built on the network platform provided by public network service providers (such as Internet, ATM and FR, etc.) through tunnel technology. logical network.

Virtual private network has two meanings: one is "virtual", because the connection between any two nodes on the entire VPN network does not have the end-to-end physical link required by the traditional private network, but is established on the distribution network. On the platform of a wide range of public networks; the second is a "private network". Each VPN user can obtain the required resources from the temporary "private network".

Things to note when building a virtual private network

  • If communications are carried out between private networks at different outlets and need to pass through the public Internet, and there are confidentiality requirements, then all data passing through the Internet must be encrypted.
  • To build its own VPN, an organization must purchase dedicated hardware and software for each of its locations and configure it so that each location's VPN system knows the addresses of other locations.

 Characteristics of Virtual Private Network

  • The cost is low and you only need to pay the daily Internet fee.
  • Get extensive support for the most commonly used network protocols.
  • It has safe and reliable functions such as identity verification and data encryption.
  • Easy to expand and manage.

 Disadvantages of Virtual Private Networks

  • safety. Since the Internet is not a trustworthy secure network, in order to ensure the security of data transmission, data transmitted over the network should be encrypted.
  • Manageability. VPN management must be able to respond to rapid changes in the needs of telecommunications organizations to avoid additional travel expenses.
  • performance. Since ISPs deliver IP packets on a "best effort" basis, and transmission performance across the Internet is not guaranteed and changes from time to time, additional security measures will also significantly reduce performance.

Utilizing Tunnel Technology to Realize Virtual Private Network

There are two ways to establish a tunnel: one is a voluntary tunnel, which refers to a tunnel that a server computer or router can configure and create by sending a VPN request; the other is a mandatory tunnel, which refers to a tunnel that is configured and created by a VPN service provider.

There are two types of tunnels: ① Point-point tunnel. The tunnel extends from the remote user computer to the enterprise server, and the devices on both sides are responsible for establishing the tunnel and encrypting and decrypting data between the two points. ②End-to-end tunnel. The tunnel terminates at network edge devices such as firewalls, and its main function is to connect the LANs at both ends.

IP datagram format  

 IP datagram consists of header and data parts.

The header of the IP datagram

  • The first part of the header is of fixed length (20 bytes), which all IP datagrams must have.
  • The fixed part of the header is followed by options and padding fields (of variable length).
  • The length of the data part is also variable

Version - 4 digits, refers to the version of the IP protocol. The currently widely used protocol version number is 4 (i.e. IPv4). The protocol versions of both communicating parties must be consistent.

Header length - 4 bits, indicating the length of the datagram header. Since the maximum value that can be represented by the header length is 15 units (each unit is 4 bytes), the maximum value of the IP header length is 60 bytes. When the header length is less than an integer multiple of 4 bytes, the padding field can be used to fill it in.

Differentiated Services - 8 bits, indicating the service requirements for the datagram. The first three digits represent the priority (0 to 7, with 0 being the lowest). D, T, R, and C respectively represent selective requirements for delay, throughput, reliability, and routing service cost. The last bit is unused. This field is only used when using differentiated services.

Total length - 16 bits, refers to the length of the entire datagram (including header and data), in bytes. The maximum length of a datagram is 65535 bytes (64KB). The total length must not exceed the maximum transmission unit MTU of the data link layer. When the datagram length exceeds the MTU, it needs to be fragmented. The total length at this time refers to the length of each fragment (including header and data) after fragmentation.

Identification - 16 bits, which are used for each fragment of the datagram to be finally reassembled into the original datagram. It is a counter that increases by 1 every time a datagram is generated and assigns this value to the identification field. The destination host correctly reassembles (joins) the fragmented datagrams with the same identification field value.

Flag - 3 digits, currently only the last two are meaningful. The lowest bit is recorded as MF (More Fragment). MF=1 means "there are still fragments" later. MF=0 means it is the last fragment. The next lowest bit is DF (Don't Fragment), which is used to control whether datagram fragmentation is allowed. Fragmentation is only allowed if DF=0.

Slice offset - 13 bits, refers to the relative position of a certain slice in the original packet after the longer packet is fragmented. That is, where the fragment begins relative to the beginning of the user data field so that the destination host can reassemble the datagram. The slice offset is in 8-byte offset units. This means that the length of each fragment must be an integer multiple of 8 bytes (64 bits).

 Example of IP datagram fragmentation:

  • The total length of a datagram is 3820 bytes, and the length of its data part is 3800 bytes (using a fixed header). It needs to be fragmented into datagram fragments with a length of no more than 1420 bytes.
  • Since the fixed header length is 20 bytes, the data portion of each datagram fragment cannot exceed 1400 bytes.
  • So it is divided into 3 datagram fragments, the lengths of the data parts are 1400, 1400 and 1000 bytes respectively.
  • The original datagram header is copied into the header of each datagram fragment, but the values ​​of the relevant fields must be modified.


total length




slice offset

raw datagram






Datagram fragment 1






Datagram fragment 2






Datagram fragment 3






 Time to Live - 8 bits, recorded as TTL (Time To Live), indicating the lifespan of the data in the network. The unit was originally seconds, but for convenience, "hops" are now used as the unit of TTL. Every time a datagram passes through a router, its TTL value is decremented by 1. When the TTL value is reduced to zero, the datagram is discarded.

Guess you like