LECTURE 6 Contents

Address Mapping, Error

• I. Address Mapping
Reporting and Multicasting
• II. ICMP
• III. Multicasting
• IV. IGMP
• V. ICMPv6

Chapter 21 Network Layer: Address Mapping, Error

Reporting and Multicasting
(Forouzan, Data Communications and Networking, 4th Edition)
1 2

I. Address Mapping Address Mapping

The delivery of a packet to a host or a router requires
two levels of addressing: logical and physical. We need
to be able to map a logical address to its corresponding
physical address and vice versa. This can be done by
using either static or dynamic mapping.
Topics discussed in this section:
Mapping Logical to Physical Address
Mapping Physical to Logical Address
• IP provides logical connection at network layer
—Packet still needs to be put into a frame and transmit
over physical layer
• Physical address is needed
• Host is recognized at the network level by their
logical (IP) address
• Host is recognized at the physical level by their
physical (Ethernet) address
—Physical address is implemented in hardware
—Example is 48-bit Ethernet address
• A mapping is needed to link the two addresses

3 4
Address Resolution Protocol
(ARP) Figure 21.1 ARP operation

• Logical (IP) address is obtained from the DNS

(Chapter 25)
• Physical address is obtained from the receiver
— arp –a <ip address>
• Sender creates ARP packet with
—Its own physical and IP addresses
—IP address of the receiver
• ARP packet is broadcasted over the network
• Intended recipient recognizes its IP address and
send back an ARP response packet
• ARP entry is cached for 20-30 minutes
5 6

Figure 21.2 ARP packet

ARP Fields
• Hardware type: Type of network on which ARP
is running (Ethernet is type 1)
• Protocol type: Protocol for network layer (IP is
0x0800)
• Hardware length: Length of physical address in
byte (6 bytes for Ethernet)
• Protocol length: Length of network layer
address in byte (4 bytes for IP)
• Operation: 1 for request, 2 for reply
• Target hardware address: all 0s for ARP request

7 8
 Figure 21.4 Four cases using ARP

Figure 21.3 Encapsulation of ARP packet

• Type field indicates that data is ARP packet

9 An ARP request is broadcast; an ARP reply is unicast.10

Example 21.1 Figure 21.5 Example 21.1, an ARP request and reply

A host with IP address 130.23.43.20 and physical address

B2:34:55:10:22:10 has a packet to send to another host with IP
address 130.23.43.25 and physical address A4:6E:F4:59:83:AB. The
two hosts are on the same Ethernet network. Show the ARP request
and reply packets encapsulated in Ethernet frames.

Solution
Figure 21.5 shows the ARP request and reply packets. Note that the
ARP data field in this case is 28 bytes, and that the individual
addresses do not fit in the 4-byte boundary. That is why we do not
show the regular 4-byte boundaries for these addresses.

11 12
 Reverse ARP (RARP)
Figure 21.6 Proxy ARP

• RARP finds the logical address for a machine

• Proxy ARP: ARP that acts on behalf of a set of
host by ARP router
• Router sends ARP reply with its own hardware
(physical) address
that knows only its physical address
—Good for diskless machine
• Response by another machine (RARP server)
that knows all IP addresses
—Can only work in local network because broadcasted
RARP request will not go pass router
—One RARP server is needed in each subnet
13 14

Figure 21.7 BOOTP client and server on the same and different networks

Bootstrap Protocol (BOOTP)

• Application layer protocol
• BOOTP message is encapsulated in a UDP packet and
forwarded to BOOTP server
• Also need one relay agent in each subnet to forward
request to BOOTP server
— Intercept broadcasted BOOTP request
— Encapsulate request in unicast datagram and forward to BOOTP
server
• Agent know unicast IP address of BOOTP server
— Also relay reply to BOOTP client
• Still use static binding between physical and logical
addresses

15 16
Dynamic Host Configuration
II. ICMP
Protocol (DHCP)
• Provides static and dynamic address allocation that can
be manual or automatic The IP protocol has no error-reporting or error-
• Static address allocation: Similar to BOOTP and also correcting mechanism. The IP protocol also lacks a
support BOOTP client mechanism for host and management queries. The
• Dynamic address allocation Internet Control Message Protocol (ICMP) has been
— DHCP client requests a temporary IP address designed to compensate for the above two deficiencies.
— DHCP server choose one from the pool of available (unused) IP
address It is a companion to the IP protocol.
— DHCP server assigns that IP address for a negotiable period of
time
• Good when host moves from network to network or is
Topics discussed in this section:
connected and disconnected from a network Types of Messages
• Client must renew the lease or stop using it when the Message Format
address lease expires Error Reporting and Query
17
Debugging Tools 18

ICMP Common header

Figure 21.8 General format of ICMP messages

• There are two types of message

—Error reporting message
—Query message (always occur in pair)
• Allow host or network manager to get specific information
from router or another host
• Code field specifies reason for the message type

ICMP always reports error messages to the

original source.
19 20
Figure 21.9 Error-reporting messages Figure 21.10 Contents of data field for the error messages

Important points about ICMP error messages:

ҩ No ICMP error message will be generated in response to a datagram • All error messages contain data section with IP
carrying an ICMP error message. header of the original datagram plus the first 8
ҩ No ICMP error message will be generated for a fragmented datagram that
is not the first fragment.
bytes of data in the datagram
ҩ No ICMP error message will be generated for a datagram having a • That 8 bytes provide information on port number and
multicast address. sequence number of TCP or UDP
ҩ No ICMP error message will be generated for a datagram having a special
address such as 127.0.0.0 or 0.0.0.0. 21 22

ICMP Error Reporting message Figure 21.11 Redirection concept

• Destination unreachable
— Router or host cannot deliver a datagram
• Source quench
— Provide a tool for flow control
— When a router discard datagram due to congestion, it will send
source quench message to sender of datagram
— Inform source that datagram has been discarded
— Warn source that there is congestion and that it should slow
down • Parameter problem
— Router report ambiguous or missing value in a datagram header
• Time exceed
— Error in routing table can cause packet to loop indefinitely • Redirection
— Router decreases TTL by 1 every time it receives packet — Router notifies source that packet should be sent to another
router
— If the value reaches zero, router discards packet and send time
exceed message to original source — Datagram will still be forwarded to the correct router
— Also generated if not all fragments arrive within certain limit — Host will update its internal routing table after the notification
23 24
Figure 21.12 Query messages Figure 21.13 Encapsulation of ICMP query messages

• Echo request and reply

— Utilized by ping command that create a series of echo requests • Query ICMP packet takes place of the IP data
— Common tool to get statistical information
• Timestamp request and reply
— Provide a tool for determining round-trip time or synchronize
the clock
• Address-Mask request and reply
— Host may not know its corresponding address mask
— Host can send request to its LAN router to obtain subnet mask 25 26

ICMP Query message Example 21.2

• Router solicitation and Advertisement

Figure 21.14 shows an example of checksum calculation
—Used to solicit or advertise routing and router
information for a simple echo-request message. We randomly chose the
identifier to be 1 and the sequence number to be 9. The
• Checksum
message is divided into 16-bit (2-byte) words. The words
—Calculated over the entire message
are added and the sum is complemented. Now the sender
can put this value in the checksum field.

27 28
Figure 21.14 Example of checksum calculation Example 21.3

We use the ping program to test the server fhda.edu. The result is
shown on the next slide. The ping program sends messages with
sequence numbers starting from 0. For each probe it gives us the
RTT time. The TTL (time to live) field in the IP datagram that
encapsulates an ICMP
message has been set to 62. At the beginning, ping defines the
number of data bytes as 56 and the total number of bytes as 84. It is
obvious that if we add 8 bytes of ICMP header and 20 bytes of IP
header to 56, the result is 84. However, note that in each probe ping
defines the number of bytes as 64. This is the total number of bytes in
the ICMP packet (56 + 8).
29 30

Example 21.3 (2)

ICMP Debugging Tool: Ping
• Source host sends ICMP echo-request messages
—Type 8, code 0
—Also insert sending time into packet
• Destination replies with ICMP echo-reply
—Compare timing to determine round-trip time
• 84 bytes = 54-byte data + 8-byte ICMP header
+ 20-byte IP header
• 64 bytes = 54-byte data + 8-byte ICMP header

31 32
Figure 21.15 The traceroute program operation
33
Example 21.4
We use the traceroute program to find the route from the computer
voyager.deanza.edu to the server fhda.edu. The following shows the
result:
The unnumbered line after the command shows that the destination is
153.18.8.1. The packet contains 38 bytes: 20 bytes of IP header, 8
bytes of UDP header, and 10 bytes of application data. The
application data are used by traceroute to keep track of the packets.
35
ICMP Debugging tool: Traceroute
• Traceroute of packet from source to destination
• Packet is sent to destination with TTL = 1
• First router will discard packet (TTL = 0) and send ICMP
time-exceed message to sender
— Type 11, code 0
• Traceroute program uses source address in IP packet to
determine the router’s address
— Timing of each step is recorded and used for statistic calculation
• Process is repeated with TTL = 2, 3, 4, …
• Also use invalid UDP port to force destination to return
ICMP destination-unreachable message to sender
— Type 3, code 3
34
Example 21.4 (2)
The first line shows the first router visited. The router is named
Dcore.fhda.edu with IP address 153.18.31.254. The first round-trip
time was 0.995 ms, the second was 0.899 ms, and the third was 0.878
ms.
The second line shows the second router visited. The router is named
Dbackup.fhda.edu with IP address 153.18.251.4. The three round-trip
times are also shown.
The third line shows the destination host. We know that this is the
destination host because there are no more lines. The destination host
is the server fhda.edu, but it is named tiptoe.fhda.edu with the IP
address 153.18.8.1. The three round-trip times are also shown.
36
 Example 21.5
Traceroute to Yahoo
In this example, we trace a longer route, the route to xerox.com.
Here there are 17 hops between source and destination. Note that
some round-trip times look unusual. It could be that a router was
too busy to process the packet immediately.

37 38

Traceroute to Nokia
Traceroute to TRUE Corporation

39 40
 III. Multicasting Requirements for Multicasting
• Addresses that refer to group of hosts on one or • Router may have to forward more than one copy of
more networks packet
• Convention needed to identify multicast addresses
• Uses — IPv4 - Class D - start 1110
—Multimedia “broadcast” — IPv6 - 8 bit prefix, all 1, 4 bit flags field, 4 bit scope field, 112
• Distance learning and video-on-demand bit group identifier
—Informing multiple stockbrokers of change in stock • Nodes must translate between IP multicast addresses
price and list of networks containing group members
—Informing multiple travel agencies of plane • Router must translate between IP multicast address and
cancellation network (physical) multicast address
—Teleconferencing • Mechanism required for hosts to join and leave multicast
—Distributed Database and Distributed computing group

41 42

IV. IGMP
The IP protocol can be involved in two types of
communication: unicasting and multicasting. The
Internet Group Management Protocol (IGMP) is one
of the necessary, but not sufficient, protocols that is
involved in multicasting. IGMP is a companion to the
IP protocol.
IGMP Functionalities
• IGMP manages multicast group membership
—Not a multicast routing protocol (Chapter 22)
—Give multicast routers information about membership
status of a host or router
—Without membership status, router will have to
broadcast all multicast packets

Topics discussed in this section:

Group Management
IGMP Messages and IGMP Operation
Encapsulation
Netstat Utility 43 44
Figure 21.17 IGMP message format Figure 21.16 IGMP message types

• Maximum response time defines the amount of

Table 21.1 IGMP type field
time that a query must be answered, in tenths
of a second
• Value of 100 means 10 seconds
• Group address = Group ID or multicast IP
address of the group
• 0 for a general query message
45 46

Figure 21.18 IGMP operation

Joining and leaving a group
• Joining a group
—Host sends two membership reports to the multicast
address of the group
• In IGMP, a membership report is sent twice, one after the other.

• IGMP operates locally – IP’s TTL always equals to 1
• A multicast router has a list of multicast addresses of the
groups with at least one member in its network
• Only one router distributes multicast packets destined for
a given group
• Only one router (R) distributes packets to 225.70.8.20
• Leaving a group
—Host or router multicasts leave report to all routers
on its subnet
—Multicast router receiving this report additionally
verify that no other hosts is interested in this group
• Via special query message with multicast address of this
group
• If there is no response, router purges the group from its list
47 48
Monitoring the membership
• Router periodically sends a general query
message every 125 seconds with group id =
0.0.0.0
—Update status of all group memberships in its network
—The general query message does not define a
particular group
• Only one router should send the query
—Other routers receives responses and update their lists
• Only one host in the network needs to respond
—Each host picks a random timer before broadcasting
the response (membership report)
—Other waiting hosts cancel their corresponding timer
49
Figure 21.19 Example 21.6
51
Example 21.6
Imagine there are three hosts in a network, as shown in Figure 21.19.
A query message was received at time 0; the random delay time (in
tenths of seconds) for each group is shown next to the group address.
Show the sequence of report messages.
Solution
The events occur in this sequence:
a. Time 12: The timer for 228.42.0.0 in host A expires,
and a membership report is sent, which is received by
the router and every host including host B which
cancels its timer for 228.42.0.0.
50
Example 21.6 (2)
b. Time 30: The timer for 225.14.0.0 in host A expires, and
a membership report is sent which is received by the
router and every host including host C which cancels its
timer for 225.14.0.0.
c. Time 50: The timer for 238.71.0.0 in host B expires,
and a membership report is sent, which is received by
the router and every host.
d. Time 70: The timer for 230.43.0.0 in host C expires,
and a membership report is sent, which is received by
the router and every host including host A which
cancels its timer for 230.43.0.0.
Only four reports are needed instead of seven if all hosts report
52
Figure 21.20 Encapsulation of IGMP packet Table 21.2 Destination IP addresses

• The IP packet that carries an IGMP packet has a

value of 1 in its TTL field.
• No IGMP must travel beyond LAN
53 54

Figure 21.21 Mapping class D to Ethernet physical address

• IP multicast address is still needed to be mapped to

physical layer multicast address
— ARP cannot find the corresponding physical address
• For Ethernet, multicast address has unique 25-bit prefix
55 — Remaining 23 bits come directly from IP multicast address 56
 Example 21.7
Physical multicast address
• Five bits in IP multicast address is ignored Change the multicast IP address 230.43.14.7 to an Ethernet
—32 (25)
IP multicast addresses are mapped to one multicast physical address.
Ethernet multicast address
—Host may receive packets that do not belong to its Solution We can do this in two steps:
group and need to discard them a. We write the rightmost 23 bits of the IP address in hexadecimal.
• By also inspecting IP multicast address This can be done by changing the rightmost 3 bytes to
hexadecimal (E6.2B.0E.07) and then subtracting 8 from the
leftmost digit if it is greater than or equal to 8.
In our example, the result is 2B:0E:07.

b. We add the result of part a to the starting Ethernet multicast

An Ethernet multicast physical address is in the range address, which is 01:00:5E:00:00:00. The result is
01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF.
57 58

Example 21.8 Figure 21.22 Tunneling

Change the multicast IP address 238.212.24.9 to an

Ethernet multicast address.

Solution
a. The rightmost 3 bytes in hexadecimal is D4:18:09. We need to
subtract 8 from the leftmost digit, resulting in 54:18:09.

b. We add the result of part a to the Ethernet multicast starting •For network that does not support multicast (most
address , which is 01:00:5E:00:00:00. The result is
WAN), tunneling is used

59 60
 Example 21.9 Example 21.9 (2)

We use netstat (see next slide) with three options: -n, -r,
and -a. The -n option gives the numeric versions of IP
addresses, the -r option gives the routing table, and the -a
option gives all addresses (unicast and multicast). Note that
we show only the fields relative to our discussion.
“Gateway” defines the router, “Iface” defines the interface.

Note that the multicast address is shown in color. Any

packet with a multicast address from 224.0.0.0 to
239.255.255.255 is masked and delivered to the Ethernet
interface.
239.255.255.255 is obtained from mask (1110 000.0.0.0) 61 62

V. ICMPv6 Figure 21.23 Comparison of network layers in version 4 and version 6

We discussed IPv6 in Chapter 20. Another protocol

that has been modified in version 6 of the TCP/IP
protocol suite is ICMP (ICMPv6). This new version
follows the same strategy and purposes of version 4.
• RARP is dropped because BOOTP has the same
functionality
Topics discussed in this section: • ICMP is still divided into two categories
Error Reporting —Error reporting and Query
Query

63 64
 Table 21.3 Comparison of error-reporting messages in ICMPv4 and ICMPv6 Table 21.4 Comparison of query messages in ICMPv4 and ICMPv6

• Timestamp request and reply are eliminated

because they are implemented in TCP
• Packet too big is added because router can no
longer fragment packet • Address mask request and reply are eliminated
because IPv6 has so many possible subnets
—232-1 = 4 billion subnets eliminate the need to do
65
dynamic partitioning 66