The Network Layer (OSI Layer 3) plays a fundamental role in the realm of computer networking. As the backbone of data transfer across diverse networks, it ensures seamless communication between devices.

This article explores the characteristics and protocols of the network layer, including IPv4 and IPv6 addressing, subnetting, and NAT. This resource will help you gain the insights needed to master the intricacies of OSI Layer 3.

Network Layer Characteristics

The network layer, also known as Layer 3 of the Open Systems Interconnect Model (OSI Model), provides essential services that enable end devices to exchange data across networks.

Network layer communication protocols, such as IPv4 and IPv6, define the packet structure and processing methods used to transfer data between hosts.

The main network layer communication protocols include:

  1. IP version 4 (IPv4);
  2. IP version 6 (IPv6);
  3. Routing protocols like Open Shortest Path First (OSPF);
  4. Messaging protocols like Internet Control Message Protocol (ICMP).

Basic Operations of Network Layer Protocols

Network layer protocols perform four basic operations:

  • Addressing end devices: End devices must be configured with a unique IP address for identification on the network.
  • Encapsulation: By adding an IP header, the network layer encapsulates the protocol data unit (PDU) from the transport layer into a packet. The IP header ensures delivery to the destination host.
  • Routing: The network layer directs packets to a destination host on another network. During routing, the router selects the best path and guides packets toward the destination host. A packet may traverse multiple routers (hops) before reaching its destination. The IP addressing information remains constant from the source to the destination, except when altered by Network Address Translation (NAT) for IPv4.
  • De-encapsulation: Upon arrival, the packet is checked for a match to the destination IP address. If it matches, the IP header is removed, and the resulting Layer 4 PDU is passed to the appropriate service at the transport layer.

A crucial characteristic the network layer must consider is the maximum size of the protocol data unit (PDU) that each medium can transport, known as the maximum transmission unit (MTU). The data link layer passes the MTU value up to the network layer, which then determines the permissible packet size. Occasionally, an intermediate device, usually a router, must fragment an IPv4 packet when forwarding it, leading to latency. IPv6 packets, however, cannot be fragmented by routers.

The Role of Internet Protocol (IP)

Internet Protocol (IP) is designed to deliver packets from a source to a destination across an interconnected system of networks.

The basic characteristics of IP include:

  • Connectionless: No connection with the destination is established before sending data packets.
  • Best Effort: IP is inherently unreliable, meaning packet delivery is not guaranteed. In the TCP/IP protocol suite, reliability is the role of the TCP protocol at the transport layer.
  • Media Independent: IP operation is independent of the medium (e.g., copper, fiber-optic, or wireless) carrying the data.

IPv4 Address Structure

An IPv4 address is a logical network address that identifies a specific host.

  • For local communication, it must be properly configured and unique within a local area network (LAN).
  • For remote communication, it must also be properly configured and unique in the world.

Every packet sent across the internet has both a source and a destination IPv4 address.

IPv4 addresses are 32 bits in length, grouped into four 8-bit bytes called octets. For example, the 32-bit binary address 11010001101001011100100000000001 can be split into four octets:

11010001.10100101.11001000.00000001,

which converts to the decimal value

209.165.200.1.

An IPv4 address is hierarchical, consisting of two parts: the network and the host:

  • The network portion of the IP address is the same for all hosts connected to the same local network.
  • The second part identifies the individual host on that network.

Assigning an IPv4 address to a host requires:

  • A unique IPv4 address for the host.
  • A subnet mask to identify the network and host portions of the IPv4 address.

Additionally, a default gateway IPv4 address is necessary to reach remote networks, and DNS server IPv4 addresses are required to translate domain names to IPv4 addresses.

Understanding the Subnet Mask

A subnet mask is used to identify the network on which a host is connected.

It does not contain the network or host portion of an IPv4 address; rather, it indicates where to find the network portion and the host portion of the IPv4 address.

The subnet mask can be represented using slash notation (a forward slash (/) followed by the number of bits set to 1).

For example, the subnet mask for 255.255.255.0 can be represented as /24, indicating that the subnet mask is 24 bits long (CIDR notation).

Each 255 in the subnet mask corresponds to the network part of the IP address, while each 0 indicates the host part.

In binary, 255.255.255.0 is 11111111.11111111.11111111.00000000

For example, a host with an IPv4 address of 192.168.0.9 and a subnet mask of 255.255.255.0 has the first three octets (192.168.0) as the network portion and the last octet (9) as the host portion. In this example, hosts can be assigned any host number from 1 to 254.

A network address is also referred to as a prefix or network prefix.

The prefix length is the number of bits set to 1 in the subnet mask.

To identify the network address of an IPv4 host, the IPv4 address is logically ANDed, bit by bit, with the subnet mask. ANDing between the address and the subnet mask yields the network address.

Multiple logical networks can exist on one physical network if the network portion of the logical network host addresses differs.

Devices on the same subnet share the same network number, subnet mask, and default gateway.
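The subnet arithmetic described above, carried out bit by bit as an added example (this is not code from the article): dotted decimal to binary conversion of the 209.165.200.1 sample, the bitwise AND that yields the network address, the prefix length of a mask, the broadcast address, the usable host range, and a same-subnet check. It uses only the Python standard library; the addresses are the article's own sample values.

```python
# Added example (not from the article): IPv4 subnet arithmetic done the way the
# text describes it, bit by bit, with no third-party libraries.
# Sample addresses are the ones the article uses.

def dotted_to_int(addr: str) -> int:
    """Pack four decimal octets into one 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad address: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value

def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(addr: str) -> str:
    """Dotted decimal -> dotted binary, e.g. 209.165.200.1 -> 11010001.10100101.11001000.00000001"""
    return ".".join(format(int(o), "08b") for o in addr.split("."))

def prefix_length(mask: str) -> int:
    """Number of 1 bits in the mask; rejects non-contiguous masks such as 255.0.255.0."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    # A valid mask is exactly `ones` leading 1 bits followed by 0 bits.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def network_address(addr: str, mask: str) -> str:
    """Bitwise AND of address and mask, as the article describes."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))

def broadcast_address(addr: str, mask: str) -> str:
    """Host portion set to all ones: OR the network address with the inverted mask."""
    m = dotted_to_int(mask)
    return int_to_dotted((dotted_to_int(addr) & m) | (~m & 0xFFFFFFFF))

def usable_host_range(addr: str, mask: str):
    """First and last assignable host address, or None for /31 and /32 (no host room)."""
    if prefix_length(mask) >= 31:
        return None
    net = dotted_to_int(network_address(addr, mask))
    bc = dotted_to_int(broadcast_address(addr, mask))
    return int_to_dotted(net + 1), int_to_dotted(bc - 1)

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts share a subnet when ANDing each with the mask gives the same network."""
    return network_address(a, mask) == network_address(b, mask)

if __name__ == "__main__":
    print(to_binary("209.165.200.1"))
    print(network_address("192.168.0.9", "255.255.255.0"), "/", prefix_length("255.255.255.0"))
    print(broadcast_address("192.168.0.9", "255.255.255.0"))
    print(usable_host_range("192.168.0.9", "255.255.255.0"))
    print(same_subnet("192.168.0.9", "192.168.1.9", "255.255.255.0"))
```

The mask validation in prefix_length matters in practice: a misconfigured non-contiguous mask still ANDs cleanly, so without the check a host could silently compute a "network" that no router agrees with.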

Categories of IPv4 Addresses

IPv4 addresses fall into two main categories:

Public IPv4 Addresses: These are globally routed between internet service provider (ISP) routers.

Private IPv4 Addresses: These are non-internet-facing IP addresses used in internal networks. Private addresses are not unique and are not globally routable.

Packets with a private address must be filtered (discarded) or translated to a public address before being forwarded to an ISP.

The exhaustion of public IPv4 addresses has prompted the adoption of private IPv4 addresses and the transition to IPv6.

In the 1990s, as the Internet faced a shortage of IPv4 addresses, IPv6 emerged as the long-term solution with its vast 128-bit address space. However, in 1993, the world wasn't ready for IPv6, necessitating a temporary fix. This led to the adoption of private IP addresses and Network Address Translation (NAT) to bridge the gap until IPv6 could be fully implemented.

Special and Restricted IPv4 Addresses

Some IP addresses have special uses and cannot be assigned to networks and hosts.

These include:

Loopback addresses (127.0.0.0 /8 or 127.0.0.1 to 127.255.255.254): Used by a host to direct traffic to itself. If you can ping the loopback address, TCP/IP is working on the device.

Link-local addresses (169.254.0.0 /16 or 169.254.0.1 to 169.254.255.254), also known as Automatic Private IP Addressing (APIPA) addresses or self-assigned addresses: Used by Windows clients to self-configure when they cannot obtain an IP address through other methods. This allows DHCP clients to communicate on the local network while DHCP is being fixed.

Some IP address rules are:

  • The network address cannot be all zeroes: When the network address is set to 0, TCP/IP interprets the IP address as a "local" address, meaning that the data packet does not need to be transmitted through a router. For example, 0.0.0.22 identifies host 22 on the local network.
  • The host address cannot be all zeroes: The address where the host portion is all zeroes identifies the network address.
  • The host address cannot be all ones: The address where the host portion is all ones identifies the broadcast address. This address is used when nodes want to contact all hosts on the network.

Types of IPv4 Addresses

 Network  IP Starts With  Addresses  Purpose
 10.0.0.0 /8  10 (0000 1010)  10.0.0.0 – 10.255.255.255  Private use; provides a large address space with 16,777,216 possible host addresses
 172.16.0.0 /12  172 (1010 1100).16 – 31 (0001 0000 – 0001 1111)  172.16.0.0 – 172.31.255.255  Private use; offers 1,048,576 host addresses
 192.168.0.0 /16  192 (1100 0000).168 (1010 1000)  192.168.0.0 – 192.168.255.255  Private use; provides 65,536 host addresses
 169.254.0.0 /16  169 (1010 1001).254 (1111 1110)  169.254.0.0 – 169.254.255.255  Automatic Private IP Addressing (APIPA)
 100.64.0.0 /10  100 (0110 0100).64 (0100 0000)  100.64.0.0 – 100.127.255.255  Carrier-grade NAT
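The special ranges and the three "cannot be" rules from the two sections above, turned into checks, as an added example that is not part of the article: a classifier that labels an address as loopback, link-local, private, carrier-grade NAT, multicast or public using exactly the ranges listed, a test for whether a packet may be forwarded to an ISP unchanged, and a validator that tells you which rule an address breaks inside a given prefix. It uses the standard-library ipaddress module; the sample addresses in the comments are constructed.

```python
# Added example (not from the article): classify an IPv4 address against the
# special and private ranges the article lists, and apply its three rules
# (network portion all zeros, host portion all zeros, host portion all ones).
import ipaddress

# Ranges exactly as the article lists them, checked in order.
SPECIAL_RANGES = [
    ("this-network (not routable)", ipaddress.ip_network("0.0.0.0/8")),
    ("loopback",                    ipaddress.ip_network("127.0.0.0/8")),
    ("link-local (APIPA)",          ipaddress.ip_network("169.254.0.0/16")),
    ("private",                     ipaddress.ip_network("10.0.0.0/8")),
    ("private",                     ipaddress.ip_network("172.16.0.0/12")),
    ("private",                     ipaddress.ip_network("192.168.0.0/16")),
    ("carrier-grade NAT",           ipaddress.ip_network("100.64.0.0/10")),
    ("multicast",                   ipaddress.ip_network("224.0.0.0/4")),
]

def classify(addr: str) -> str:
    """Label from SPECIAL_RANGES, or 'public' when the address is in none of them."""
    ip = ipaddress.ip_address(addr)
    for label, net in SPECIAL_RANGES:
        if ip in net:
            return label
    return "public"

def must_filter_or_translate(src: str, dst: str) -> bool:
    """Per the article, packets carrying a private or otherwise non-routable
    address must be discarded or NAT-translated before being forwarded to an ISP.
    True means the packet cannot leave as-is."""
    return classify(src) != "public" or classify(dst) != "public"

def host_assignment_problem(addr: str, prefix: str):
    """None if addr may be assigned to a host inside `prefix` (e.g. '192.168.0.0/24'),
    otherwise a description of the rule it breaks."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(prefix, strict=False)
    if ip not in net:
        return "address is not inside the given network"
    if int(net.network_address) == 0:
        return "network portion is all zeros (interpreted as a local address)"
    if ip == net.network_address:
        return "host portion is all zeros (this is the network address)"
    if net.prefixlen < 31 and ip == net.broadcast_address:
        return "host portion is all ones (this is the broadcast address)"
    label = classify(addr)
    if label in ("loopback", "this-network (not routable)", "multicast"):
        return f"reserved range: {label}"
    return None

if __name__ == "__main__":
    for a in ("10.1.2.3", "172.32.0.1", "100.100.0.1", "127.0.0.1", "209.165.200.1"):
        print(a, "->", classify(a))
    print(must_filter_or_translate("192.168.0.9", "209.165.200.1"))
    for a in ("192.168.0.9", "192.168.0.0", "192.168.0.255"):
        print(a, "->", host_assignment_problem(a, "192.168.0.0/24"))
```

Note that 172.32.0.1 comes out as public: the 172.16.0.0/12 block covers second octets 16 through 31 only, which is the most common mistake when people hand-write this range as 172.x.x.x.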

IPv4 Transmission Types: Unicast, Broadcast, and Multicast

IPv4 supports three types of transmission:

Unicast Transmission (One-to-One): One device sends a message to another device. IPv4 unicast host addresses range from 1.1.1.1 to 223.255.255.255, with many reserved for special purposes.

Broadcast Transmission (One-to-All): A device sends a message to all devices on a network. A broadcast packet has a destination IPv4 address with all ones (1s) in the host portion, or 32 one (1) bits.

Broadcasts are often used to advertise services or locate other devices. Network services relying on broadcasts can generate significant traffic.

There are two types of broadcasts:

  • Directed Broadcast: Packets sent to all hosts on a specific network. For example, host 192.168.0.9/24 sends a packet to 192.168.0.255.
  • Limited Broadcast: Packets sent to 255.255.255.255, performed within the broadcast domain and not forwarded by routers.

A broadcast MAC address is FF-FF-FF-FF-FF-FF in hexadecimal.

Multicast Transmission (One-to-Many): A host sends a packet to a selected group of hosts subscribing to a multicast group.

Multicast groups use a single IPv4 multicast destination address ranging from 224.0.0.0 to 239.255.255.255.

Routing protocols such as Open Shortest Path First (OSPF) use multicast transmissions. For example, OSPF-enabled routers communicate using the reserved OSPF multicast address 224.0.0.5.

The address range 224.0.0.0 to 224.0.0.255 is reserved for link-local addresses to reach multicast groups on a local network.

A multicast MAC address is 01-00-5E (the first 3 bytes or 24 bits) for an IPv4 multicast packet and 33-33 (the prefix 33:33:*) for an IPv6 multicast packet.
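The three transmission types and the Layer 2 mapping above, as an added example (not code from the article): a function that decides whether a destination is unicast, directed broadcast, limited broadcast, link-local multicast or ordinary multicast, and one that derives the 01-00-5E multicast MAC from a group address. The 01-00-5E prefix and the 224.0.0.0/24 link-local range are from the article; the rule that the low 23 bits of the group address fill the MAC comes from RFC 1112 and goes beyond the text. Sample values are constructed.

```python
# Added example (not from the article): IPv4 delivery type and IPv4-to-MAC multicast mapping.
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
LINK_LOCAL_MULTICAST = ipaddress.ip_network("224.0.0.0/24")   # from the article
MULTICAST_MAC_PREFIX = 0x01005E                               # 01-00-5E, from the article

def delivery_type(dst: str, local_net: str) -> str:
    """Classify a destination address relative to a subnet such as '192.168.0.0/24'."""
    ip = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(local_net, strict=False)
    if ip == LIMITED_BROADCAST:
        return "limited broadcast"           # all 32 bits set; never forwarded by routers
    if ip.is_multicast:                      # 224.0.0.0 - 239.255.255.255
        return "link-local multicast" if ip in LINK_LOCAL_MULTICAST else "multicast"
    if net.prefixlen < 31 and ip == net.broadcast_address:
        return "directed broadcast"          # host portion all ones for this network
    return "unicast"

def multicast_mac(group: str) -> str:
    """RFC 1112 mapping: 01-00-5E followed by the low-order 23 bits of the group address."""
    ip = ipaddress.ip_address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(ip) & 0x7FFFFF
    mac = (MULTICAST_MAC_PREFIX << 24) | low23
    return "-".join(f"{(mac >> s) & 0xFF:02X}" for s in (40, 32, 24, 16, 8, 0))

def groups_sharing_mac(group: str) -> int:
    """How many distinct IPv4 groups collapse onto one MAC: 28 group bits, 23 carried => 2**5."""
    multicast_mac(group)        # validates the input
    return 1 << (28 - 23)

if __name__ == "__main__":
    for d in ("192.168.0.9", "192.168.0.255", "255.255.255.255", "224.0.0.5", "239.1.1.1"):
        print(d, "->", delivery_type(d, "192.168.0.0/24"))
    print(multicast_mac("224.0.0.5"))
```

Because only 23 of the 28 group bits reach the MAC, 32 different groups share each Layer 2 address (224.0.0.5 and 224.128.0.5, for instance), so a NIC that filters on MAC alone still hands the IP layer frames for groups it did not join.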

Network Address Translation (NAT) Explained

Network Address Translation (NAT) translates private IPv4 addresses to public IPv4 addresses, typically performed by the router connecting the internal network to the ISP network. NAT eliminates the need for public addresses for every internal host.

When private clients send data to the Internet:

  • The NAT router replaces the private source address with the IP address of its NIC connected to the Internet.
  • The data is tagged with a port number so that the NAT router can identify the correct private IP address for the response.
  • The router's Internet-facing IP address is public and unique, ensuring that replies are directed back to it.
  • The NAT router forwards incoming data to the appropriate private client using the tagged port number.
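The four steps above as a small port-based NAT table, an added example that is not from the article: outbound packets get the router's public address and a translation port, replies are matched on that port and rewritten back to the private client, and anything arriving without a matching entry is dropped. The addresses and ports are constructed; 203.0.113.1 stands in for the router's public NIC.

```python
# Added example (not from the article): a minimal port-based NAT (PAT) translation table.
# Packets are plain dicts with src_ip, src_port, dst_ip, dst_port. All values constructed.

PUBLIC_IP = "203.0.113.1"   # constructed: the router's Internet-facing address

class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40999):
        self.public_ip = public_ip
        self._free_ports = list(range(first_port, last_port + 1))
        # public_port -> (private_ip, private_port, remote_ip, remote_port)
        self._table = {}
        # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self._by_flow = {}

    def translate_outbound(self, pkt: dict) -> dict:
        """Step 1 and 2: rewrite the private source to the public IP and a tagged port."""
        flow = (pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        port = self._by_flow.get(flow)
        if port is None:                       # first packet of this flow: allocate a port
            if not self._free_ports:
                raise RuntimeError("translation port pool exhausted")
            port = self._free_ports.pop(0)
            self._by_flow[flow] = port
            self._table[port] = flow
        return {**pkt, "src_ip": self.public_ip, "src_port": port}

    def translate_inbound(self, pkt: dict):
        """Step 3 and 4: a reply to the public IP is matched on the tagged port and sent
        to the private client. Returns None (drop) when nothing in the table matches."""
        if pkt["dst_ip"] != self.public_ip:
            return None
        entry = self._table.get(pkt["dst_port"])
        if entry is None:
            return None                        # unsolicited inbound traffic: no mapping
        private_ip, private_port, remote_ip, remote_port = entry
        if (pkt["src_ip"], pkt["src_port"]) != (remote_ip, remote_port):
            return None                        # reply from a peer the client never contacted
        return {**pkt, "dst_ip": private_ip, "dst_port": private_port}

def demo():
    """One client behind NAT talks to a constructed server at 198.51.100.7."""
    nat = NatRouter(PUBLIC_IP)
    out = nat.translate_outbound({"src_ip": "192.168.0.9", "src_port": 51000,
                                  "dst_ip": "198.51.100.7", "dst_port": 443})
    reply = nat.translate_inbound({"src_ip": "198.51.100.7", "src_port": 443,
                                   "dst_ip": PUBLIC_IP, "dst_port": out["src_port"]})
    stray = nat.translate_inbound({"src_ip": "198.51.100.7", "src_port": 443,
                                   "dst_ip": PUBLIC_IP, "dst_port": 40555})
    return out, reply, stray

if __name__ == "__main__":
    for p in demo():
        print(p)
```

The per-flow entry, rather than a per-client one, is what lets many internal hosts share one public address; the finite port pool is also why carrier-grade NAT has to track state for every customer flow it carries.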

Carrier-grade NAT (CGN or CGNAT), also known as large-scale NAT (LSN), is a type of network address translation (NAT) used by ISPs in IPv4 network design. Carrier-grade NAT is used in wireless networks, particularly cellular networks.

Anatomy of an IPv4 Packet

IPv4 is one of the primary network layer communication protocols. The IPv4 packet header is used to ensure that this packet is delivered to its next stop on the way to its destination end device.

The IPv4 header is variable in length: 20 octets without options, and up to 60 bytes if the Options field is used. It has 12 basic header fields, not including the Options and Padding fields.

IPv4 packet header field descriptions and lengths:

  1. Version - a 4-bit binary value set to 0100 that identifies this as an IPv4 packet.
  2. Internet Header Length (IHL) - a 4-bit binary value.
  3. Differentiated Services / DiffServ (DS) / type of service (ToS) - an 8-bit field used to determine the priority of each packet. The six most significant bits of the DiffServ field are the differentiated services code point (DSCP) bits and the last two bits are the explicit congestion notification (ECN) bits.
  4. Total Length – a 16-bit (2-byte) value giving the length of the whole packet, header and data.
  5. Identification
  6. Flags
  7. Fragment Offset
  8. Time to Live (TTL) – an 8-bit binary value that is used to limit the lifetime of a packet. The source device of the IPv4 packet sets the initial TTL value. It is decreased by one each time the packet is processed by a router. If the TTL field decrements to zero, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address. Because the router decrements the TTL of each packet, the router must also recalculate the Header Checksum.
  9. Protocol – an 8-bit binary value indicates the data payload type that the packet is carrying, which enables the network layer to pass the data to the appropriate upper-layer protocol. Common values: ICMP (1), TCP (6), and UDP (17).
  10. Header Checksum – used to detect corruption in the IPv4 header.
  11. Source IPv4 Address – a 32-bit binary value that represents the source IPv4 address of the packet. It is always a unicast address.
  12. Destination IPv4 Address – a 32-bit binary value that represents the destination IPv4 address of the packet. The destination IPv4 address can be a unicast, multicast, or broadcast address.

The Internet Header Length (IHL), Total Length, and Header Checksum fields are used to identify and validate the packet.

The Identification, Flags, and Fragment Offset fields are used to keep track of the fragments.
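The header anatomy above, as an added example that is not code from the article: build a 20-byte IPv4 header with struct, parse the twelve fields listed, verify the Header Checksum, and perform the router step the TTL entry describes (decrement TTL, recompute the checksum, discard at zero). The addresses are the article's sample values; the packet itself is constructed, and the checksum routine is the RFC 791 one's-complement sum.

```python
# Added example (not from the article): IPv4 header build, parse, checksum and TTL hop.
import struct

HDR_FMT = "!BBHHHBBH4s4s"   # 20 bytes: ver/IHL, DS, total len, ID, flags/frag, TTL, proto, csum, src, dst
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # the values the article names

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 6,
                 ident: int = 0x1C46, flags: int = 0b010, frag_off: int = 0,
                 dscp: int = 0, ecn: int = 0) -> bytes:
    """Minimal 20-byte header (IHL=5). flags=0b010 sets Don't Fragment."""
    ver_ihl = (4 << 4) | 5
    ds = (dscp << 2) | ecn                  # 6 DSCP bits then 2 ECN bits
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(HDR_FMT, ver_ihl, ds, 20 + payload_len, ident,
                      (flags << 13) | frag_off, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_header(pkt: bytes) -> dict:
    """Decode the fixed fields; checksum_ok is True when the stored checksum verifies."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, ds, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(HDR_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl < 5:
        raise ValueError("IHL below the 5-word minimum")
    hlen = ihl * 4
    if len(pkt) < hlen or total_len < hlen:
        raise ValueError("header length inconsistent with packet")
    return {
        "version": version, "ihl": ihl, "dscp": ds >> 2, "ecn": ds & 0x3,
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000), "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum_ok": checksum(pkt[:hlen]) == 0,   # a valid header sums to zero
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": pkt[20:hlen],
    }

def forward_hop(pkt: bytes):
    """Router step from the TTL description: drop on bad checksum, decrement TTL,
    drop when it reaches zero (an ICMP Time Exceeded would go back to the source),
    otherwise recompute the checksum and forward."""
    fields = parse_header(pkt)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None
    hlen = fields["ihl"] * 4
    new = bytearray(pkt[:hlen])
    new[8] -= 1                             # TTL lives at byte offset 8
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", checksum(bytes(new)))
    return bytes(new) + pkt[hlen:]

if __name__ == "__main__":
    h = build_header("192.168.0.9", "209.165.200.1", payload_len=20)
    print(parse_header(h))
    print(parse_header(forward_hop(h))["ttl"])
```

The checksum covers only the header, so a forwarding device that changes TTL (or a NAT that rewrites an address) must recompute it on every hop; payload integrity is left to the transport layer.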

The History of Classful Addressing

TCP/IP addresses were originally divided into classes based on the initial bits of the IP address. Each class had a default subnet mask, and these were the only subnet masks recognized by Internet routers:

Class A (0.0.0.0/8 to 127.0.0.0/8): Designed for extremely large networks, with a fixed /8 prefix. The first octet indicates the network address, and the remaining three octets are for host addresses, allowing more than 16 million host addresses per network.

Class B (128.0.0.0 /16 to 191.255.0.0 /16): Designed for moderate to large networks, with a fixed /16 prefix. The first two high-order octets indicate the network address, and the remaining two are for host addresses, allowing more than 65,000 host addresses per network.

Class C (192.0.0.0 /24 to 223.255.255.0 /24): Designed for small networks, with a fixed /24 prefix. The first three octets indicate the network address, and the remaining octet is for host addresses, allowing up to 254 host addresses per network.

Class D (224.0.0.0 to 239.0.0.0): Reserved for multicast.

Class E (240.0.0.0 to 255.0.0.0): Reserved for experimental purposes.

 Class  IP Starts With  1st Octet Decimal  Default Subnet Mask  Number of Hosts  Purpose
 A  0 (0000 0000 – 0111 1111)  1 – 126*  255.0.0.0  16,777,214  Large networks
 B  10 (1000 0000 – 1011 1111)  128 – 191  255.255.0.0  65,534  Medium networks
 C  110 (1100 0000 – 1101 1111)  192 – 223  255.255.255.0  254  Small networks
 D  1110 (1110 0000 – 1110 1111)  224 – 239  NA  NA  Multicast
 E  11110 (1111 0000 – 1111 0111)  240 – 247  NA  NA  Reserved for future experiments


* The first octet cannot be 0, and the 127 network was reserved for testing TCP/IP and is never used.
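The classful rule above, derived rather than looked up, as an added example that is not from the article: the class comes from the high-order bits of the first octet, the default mask from the class, and the host counts in the table (16,777,214, 65,534, 254) from the number of host bits the mask leaves. Sample addresses are constructed.

```python
# Added example (not from the article): classful address derivation from leading bits.

def address_class(addr: str) -> str:
    """0xxx xxxx -> A, 10xx xxxx -> B, 110x xxxx -> C, 1110 xxxx -> D, everything else -> E."""
    first = int(addr.split(".")[0])
    if not 0 <= first <= 255:
        raise ValueError(f"bad first octet in {addr!r}")
    for cls, pattern, nbits in (("A", 0b0, 1), ("B", 0b10, 2), ("C", 0b110, 3), ("D", 0b1110, 4)):
        if first >> (8 - nbits) == pattern:
            return cls
    return "E"

def default_prefix_length(addr: str):
    """Classful default: /8, /16 or /24; None for the D and E ranges, which have no host part."""
    return {"A": 8, "B": 16, "C": 24}.get(address_class(addr))

def default_mask(addr: str):
    plen = default_prefix_length(addr)
    if plen is None:
        return None
    m = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return ".".join(str((m >> s) & 0xFF) for s in (24, 16, 8, 0))

def usable_hosts(addr: str):
    """2**(host bits) minus the network and broadcast addresses, matching the table."""
    plen = default_prefix_length(addr)
    return None if plen is None else (1 << (32 - plen)) - 2

if __name__ == "__main__":
    for a in ("10.1.1.1", "172.16.5.5", "192.168.0.9", "224.0.0.5", "240.0.0.1"):
        print(a, address_class(a), default_mask(a), usable_hosts(a))
```

Classful defaults are history, but some tools still fall back to them when a mask is omitted, which is how a /24 network can end up configured as /8 by accident.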

Broadcast Domains and Network Segmentation

A broadcast domain is a logical division of a computer network where all nodes can reach each other by broadcast at the data link layer.

  • Problems with Large Broadcast Domains: Hosts can generate excessive broadcasts, negatively affecting network performance.
  • Solutions for Large Broadcast Domains: Reduce the network size by creating smaller broadcast domains through subnetting. Subnetting reduces overall network traffic and improves performance. It also allows the implementation of subnet-based security policies.

In an Ethernet LAN, devices use broadcasts and the Address Resolution Protocol (ARP) to locate other devices. ARP sends Layer 2 broadcasts to a known IPv4 address on the local network to discover the associated MAC address.

For example, a host typically acquires its IPv4 address configuration using the Dynamic Host Configuration Protocol (DHCP), which sends broadcasts on the local network to locate a DHCP server.

Switches propagate broadcasts out all interfaces except the interface on which the broadcast was received.

Routers do not propagate broadcasts; each router interface connects to a broadcast domain, and broadcasts are only propagated within that specific domain.