Sep 19, 2020

Networking Pt 2


A router is a networking device that forwards data packets between computer networks. A router is connected to two or more data lines from different IP networks. When a data packet comes in on one of the lines, the router reads the network address information in the packet header to determine the destination. Then, based on its routing table, it directs the packet to the next network. The routing table contains information about the topology of the network immediately around it. The table can also contain an entry with the default address This entry is used when the router receives a packet whose destination is an unknown network.

Routing table example (router)

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
                                                UH        0 0          0 eth0
                                                U         0 0          0 br0
                                                U         0 0          0 eth0
                                                U         0 0          0 lo
                                                UG        0 0          0 eth0

The kernel reads the routing table from the top down. The first column is the destination. The second column tells how to reach that destination. The default gateway is always shown with the destination The IP address in the gateway column is that of the outbound gateway router. The netmask for the default gateway means that any packet not addressed to the local network or another outbound router by additional entries in the routing table is to be sent to the default gateway regardless of the network class.
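The lookup described above, as an added example that is not part of the original post. The addresses are constructed (documentation and private ranges); the Flags and Iface columns mirror the table above. The table is ordered most specific first, and the default route uses destination 0.0.0.0 with an all-zero Genmask, which matches every address.

```python
import ipaddress

# Constructed table, most specific entry first, default route last.
# Columns: Destination, Gateway, Genmask, Flags, Iface.
ROUTES = [
    ("192.0.2.1",    "0.0.0.0",      "255.255.255.255", "UH", "eth0"),
    ("10.10.0.0",    "0.0.0.0",      "255.255.255.0",   "U",  "br0"),
    ("198.51.100.0", "0.0.0.0",      "255.255.255.0",   "U",  "eth0"),
    ("127.0.0.0",    "0.0.0.0",      "255.0.0.0",       "U",  "lo"),
    ("0.0.0.0",      "198.51.100.1", "0.0.0.0",         "UG", "eth0"),  # default
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def lookup(dst):
    """Return (next_hop, iface) for dst, or None if no entry matches."""
    for dest, gateway, genmask, flags, iface in ROUTES:
        # An entry matches when dst masked with Genmask equals Destination.
        if to_int(dst) & to_int(genmask) == to_int(dest):
            # G flag: hand the packet to the gateway router. Without it the
            # destination is on-link and is reached directly.
            next_hop = gateway if "G" in flags else dst
            return next_hop, iface
    return None

if __name__ == "__main__":
    for dst in ("10.10.0.7", "192.0.2.1", "127.0.0.1", "203.0.113.9"):
        print(dst, "->", lookup(dst))
```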

Networking Layer 2

Every host on a network has both an IP and a MAC address. When server A wants to send a packet to server B:

  1. server A creates a packet:
    • the destination IP address of server B in the IP header of the datagram.
    • the destination MAC address of the router in the link layer header of the frame.
    • the source IP address of the server A.
    • the source MAC address of the server A.
  2. the router takes the packet and forwards it to server B (the destination MAC address is the MAC address of the next hop):
    • the destination MAC address is rewritten to that of server B.
    • the source MAC address is that of the router.
    • Only the MAC addresses change. The IP addresses stay the same (both source and destination). This is global information and remains the same along the packet's trip.

MAC address

A MAC address is a unique identifier assigned to a network interface controller (NIC). It is assigned by the device manufacturer and typically includes the manufacturer's organizationally unique identifier. A MAC address is 48 bits (6 bytes) long and is expressed in hexadecimal form: AA:BB:CC:DD:EE:FF.

The IEEE has built in a special address to allow more than one NIC to be addressed at one time. It is called the broadcast address: FF:FF:FF:FF:FF:FF. A frame with this address is delivered to all devices in the local network.

Network segmentation

Switches do not segment networks. Only routers do so. Usually, every interface of a router is connected to a different network. This is the reason why routers, unlike switches, do not forward broadcast packets.

Packet forwarding

To forward a packet:

  • the switch reads the destination MAC address of the frame.
  • it performs a look-up in the CAM table.
  • it forwards the packet to the corresponding interface.
  • if there is no entry with the MAC address, the switch will forward the frame to all its interfaces.
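The forwarding steps above as a small simulation, added here and not part of the original post. Port names and MAC addresses are constructed. The learning step (recording the source MAC against the ingress port) is standard switch behaviour that the list does not spell out, and flooding skips the port the frame arrived on.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Minimal learning switch; port names and MACs are constructed."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}  # CAM table: MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of egress ports."""
        # Learning: the source MAC is reachable through the ingress port.
        self.cam[src_mac.lower()] = in_port
        dst = dst_mac.lower()
        out_port = self.cam.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast or no CAM entry: flood to every port except the
            # one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination sits on the ingress port; do not echo
        return [out_port]

def demo():
    """Replay four constructed frames and collect the egress decisions."""
    sw = Switch(["p1", "p2", "p3"])
    a, b, c = "aa:bb:cc:00:00:0a", "aa:bb:cc:00:00:0b", "aa:bb:cc:00:00:0c"
    return [
        sw.receive("p1", a, b),          # B not in CAM yet: flooded
        sw.receive("p2", b, a),          # A was learned on p1
        sw.receive("p1", a, b),          # B was learned on p2
        sw.receive("p3", c, BROADCAST),  # broadcast is always flooded
    ]

if __name__ == "__main__":
    for ports in demo():
        print(ports)
```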

Address Resolution Protocol (ARP)

The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

Example of workflow

Two computers are connected to the same local network. Computer A wants to send a packet to Computer B. Through DNS, it determines Computer B's IP address To send the message, Computer A also requires the MAC address.

  1. Computer A retrieves cached information from the ARP table for
    • if the cache didn't produce a result for the IP address, Computer A sends a broadcast ARP request message to FF:FF:FF:FF:FF:FF, requesting an answer for
  2. Based on the retrieved information, Computer A sends the packet with the MAC address and IP address.

The ARP table has a time-to-live (TTL) for every entry. When it expires, or on power off, the host discards the entries.
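The workflow above with the TTL behaviour made visible, as an added example that is not part of the original post. The `lan` dictionary is a hypothetical stand-in for the hosts on the segment that would answer a broadcast request, and all addresses and the 60-second TTL are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class ArpCache:
    """ARP table whose entries expire after ttl seconds."""

    def __init__(self, ttl, clock):
        self.ttl = ttl
        self.clock = clock      # callable returning the current time
        self.entries = {}       # IP -> (MAC, expiry time)

    def get(self, ip):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires_at = entry
        if self.clock() >= expires_at:
            del self.entries[ip]  # expired entries are discarded
            return None
        return mac

    def put(self, ip, mac):
        self.entries[ip] = (mac, self.clock() + self.ttl)

def resolve(cache, ip, lan):
    """Return (mac, frames_sent) for ip.

    lan maps IP -> MAC for the hosts on the local segment (hypothetical
    stand-in for real hosts answering the broadcast).
    """
    mac = cache.get(ip)
    if mac is not None:
        return mac, []  # step 1: cache hit, nothing goes on the wire
    # Cache miss: ask everyone on the segment who owns this IP.
    request = {"dst_mac": BROADCAST, "op": "who-has", "target_ip": ip}
    mac = lan.get(ip)   # only the owner of the IP replies
    if mac is not None:
        cache.put(ip, mac)
    return mac, [request]
```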


Sep 17, 2020



What is packet

Every packet in every protocol has a header (control information) and payload (user data) structure. The header has a protocol-specific structure: this ensures that the receiving host can correctly interpret the payload and handle the communication. The payload is the actual information. It could be something like part of an email message or the content of a file during a download.

The IPv4 protocol header is at least 160 bits (20 bytes) long, and it includes 14 fields, of which 13 are required. The last field, called options, is optional.

Figure: IPv4 packet. Source: Wikipedia, author MichelBakni

Using the information in the header, the nodes involved in the communication can understand and use IP packets.

Protocol layers

Most of the time, when people talk about layers, they think about the OSI model. The OSI model promoted the idea of a consistent model of protocol layers, defining interoperability between network devices and software. Based on that, we can think about seven layers. What we need to know is that each protocol has a header and a payload. It goes from top to bottom. Every next layer encapsulates the layer before it as its payload.


If we look from a 10,000-foot perspective, we can see only a data packet. However, if we look at it more closely, it starts to show some interesting properties. Every layer contains a payload in the form of header+payload from the previous layer. It means that at the lowest level, we're looking at

(header + (header + (header + (header + payload))))

This kind of behavior happens to every packet sent by a host. On the other side of the pipeline, the receiving host needs to unpack all the information, layer by layer, in the correct order.
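The unpacking described above, applied to the 20-byte minimum IPv4 header mentioned earlier, as an added example that is not part of the original post. The frame is constructed (documentation addresses, checksum left at zero and not verified, protocol 253 from the experimental range), and the function names are illustrative.

```python
import ipaddress
import struct

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame):
    """Split an Ethernet II frame into (header dict, payload bytes)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "type": ethertype}, frame[14:]

def parse_ipv4(packet):
    """Split an IPv4 packet into (header dict, payload bytes)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4  # IHL counts 32-bit words; above 5 means options
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    if not header_len <= total_len <= len(packet):
        raise ValueError("length fields disagree with the captured bytes")
    header = {
        "header_len": header_len, "total_len": total_len, "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len],
    }
    # total_len trims any link-layer padding that follows the packet.
    return header, packet[header_len:total_len]

def build_sample_frame(data=b"hello"):
    """Constructed frame: Ethernet(IPv4(data)); checksum left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 1, 0, 64,
                     253, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = struct.pack("!6s6sH", bytes.fromhex("aabbccddeeff"),
                      bytes.fromhex("020000000001"), 0x0800)
    return eth + ip + data

def unwrap(frame):
    """Peel the layers in order: link header, then IP header, then data."""
    eth, l3 = parse_ethernet(frame)
    ip, data = parse_ipv4(l3)
    return eth, ip, data
```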

Internet Protocol (IP)

IP Address

IPv4 Address

An IPv4 address consists of 4 bytes (octets). A dot delimits every octet in the address. Each byte (2^8) can represent a value from 0 to 255.

Special use IPv4 addresses

RFC5735 describes IPv4 addresses that cannot be assigned to a host because of their special use. Common addresses that are in use:

    <-- host loopback address.
    <-- communication between hosts when a DHCP server cannot be found.
    <-- private networks.

Network classes

Internet addresses are allocated by the InterNIC organization. The most common classes are A, B and C. Classes D and E exist, but are not used by end users. Each class has a different default subnet mask.

  • Class A: uses (CIDR /8) and has 0-127 as first octet,
  • Class B: uses (CIDR /16) and has 128-191 as first octet,
  • Class C: uses (CIDR /24) and has 192-223 as first octet,
  • Class D: range 224-239 as first octet, used for multicasting,
  • Class E: range 240-255 as first octet, not available for general use, reserved for research purposes.


The subnet address with all zeros is reserved for referring to the network itself, while the last address, all ones, is used as the broadcast address for the network. This means that two addresses in every network are unavailable. In the world of CIDR, /31 and /32 would be unusable because of this requirement. That is why RFC3021 created an exception. A /31 network is usable for point-to-point links, while a /32 (single-host network) must be accessed by explicit routing rules, as there is no room in such a network for a gateway.
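The class ranges and the reserved-address rule above, including the /31 and /32 exceptions, worked through in code. This is an added example, not part of the original post; the function names are illustrative and the sample networks come from documentation ranges.

```python
import ipaddress

def address_class(ip):
    """Classful category from the first octet, per the list above."""
    first = int(ip.split(".")[0])
    for upper, name in ((127, "A"), (191, "B"), (223, "C"), (239, "D"), (255, "E")):
        if first <= upper:
            return name
    raise ValueError("octet out of range")

def usable_range(cidr):
    """Return network, broadcast and usable host range for an IPv4 block."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    first, last = int(net.network_address), int(net.broadcast_address)
    if net.prefixlen == 32:      # single host: no network/broadcast pair
        lo, hi, bcast = first, first, None
    elif net.prefixlen == 31:    # point-to-point link: both addresses usable
        lo, hi, bcast = first, last, None
    else:                        # all-zeros and all-ones addresses reserved
        lo, hi, bcast = first + 1, last - 1, last

    def as_str(n):
        return None if n is None else str(ipaddress.IPv4Address(n))

    return {"network": str(net.network_address), "broadcast": as_str(bcast),
            "first_host": as_str(lo), "last_host": as_str(hi),
            "usable": hi - lo + 1}

if __name__ == "__main__":
    for block in ("192.0.2.0/24", "192.0.2.4/30", "192.0.2.0/31", "192.0.2.7/32"):
        print(block, address_class(block.split("/")[0]), usable_range(block))
```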


RFC3513 (now obsolete) and RFC4291 describe the IPv6 addressing architecture. This version can address 2^128 devices (approximately 3.4*10^38). It was introduced in December 1995, but the majority of the Internet still relies on IPv4. An IPv6 address is divided into two parts (each 64 bits): the network identifier and the interface identifier. Furthermore, the first 64 bits end with a dedicated 16-bit space that can be used only for specifying a subnet.
