Network Layer Functions
The Network layer of the OSI model serves two primary functions:
- Determines the best path selection for a packet based on a logical or virtual address on the network (routing)
- Handles ICMP, ARP, and Proxy ARP requests
First, best path determination is made at the Network layer for packet delivery across the network. Routed protocols such as IP are used to define logical addressing, which can identify the destination of a packet or datagram. Logical addresses used for routing consist of network and host bits. Routers also must determine the path through the internetwork for packet transmission. This is similar to how switches use a MAC address and interface for frame delivery. Routers also use an interface along with the logical or IP address.
Second, the Network layer also handles ICMP, ARP, and Proxy ARP requests on the internetwork. Remember the function of each protocol for the CCNA exam.
Internet Control Messaging Protocol (ICMP) is used by ping and traceroute utilities. Packet Internet Groper (ping) enables you to validate that an IP address exists and can accept requests.
- Ping is an echo and the response is an echo response.
- Routers send Destination Unreachable messages when they can’t reach the destination
network and they are forced to drop the packet. The router that drops the packet sends the ICMP DU message. A traceroute traces the route or path taken from a client to a remote host. Traceroute also reports the IP addresses of the routers at each next hop on the way to the destination. This is especially useful when you suspect that a router on the route to an unreachable network is responsible for dropping the packet.
Address Resolution Protocol (ARP) maps a known IP address to a MAC address by sending a broadcast ARP. When the destination IP address is on another subnet, the sender broadcasts ARP for the router’s Ethernet port or default gateway, so the MAC address sent back will be that of the router’s Ethernet port.
Reverse ARP (RARP) maps a known MAC address to an IP address.
Proxy ARP enables a router to respond to an ARP request that has been sent to a remote host. Some Unix machines (especially Solaris) rely on Proxy ARP versus default gateways.
IP Addressing and Formats
Internet Protocol (IP) uses logical or virtual addressing to get a packet from a source to its destination. At the Network layer, routers use IP addresses to make best path forwarding decisions. Public IP addresses are used for packets destined for the outside world, whereas private addresses can be used if the packet needs to traverse only an internal network. The CCNA course focuses on IP version 4 (IPv4). The addresses themselves are assigned by the Internet Assigned Numbers Authority (IANA) to individual organizations based on a request for IP address space. Because the total number of IPv4 addresses is not infinite, strict guidelines are placed on IP space requests to ensure that they are justifiable.
- Consist of 32 bits.
- Are broken into four octets (8 bits each).
- Use dotted-decimal format, such as 172.16.122.204.
- Have a minimum value (per octet) of 0 and a maximum value of 255.
- Have a Network ID of 0.0.0.0.
- Have a Broadcast IP of 255.255.255.255.
Another IP version was created in the event that the IP space from IPv4 is exhausted. That version is called IP version 6 (IPv6). IPv6 has emerged in the Cisco professional-level exams and may appear on a future CCNA exam. For this reason, IPv6 is introduced later in this chapter.
To understand IP addressing, you must first understand binary. Binary is a computer language that is represented by a bit value of 0 or 1. A 32-bit binary address would resemble 10101010101010101010101010101010. Those 32 bits can be grouped into four octets, or 10101010 10101010 10101010 10101010, for conversion to decimal format. When the bit value is 1, the bit is considered to be on and you can calculate its binary value depending on its placement within the binary octet. When the bit value is 0, the bit is off and has no corresponding binary value. Figure 5.1 displays the binary value and the calculated decimal value of each bit within an octet. Notice that the binary value increases exponentially
FIGURE 5.1 A list of binary and decimal conversion values.
Converting Binary to Decimal
By using the value calculated for each bit you can easily convert to decimal format. Line up the binary octet with the decimal value that was calculated in Figure 5.1. To calculate the total decimal value of each octet, you would add up the binary value of each bit that is on (1). The example in Table 5.1 uses binary octet 00000000.
In this case, all the bit values are off (0), so there is no corresponding decimal value. The IP address octet value is also 0. Table 5.2 uses binary octet 00010001.
In this example, the fourth and last bit values are 1. Add the decimal values to get the total decimal value of that octet. That is, the total decimal value = 17 (16 + 1).
Table 5.3 uses binary octet 11111111.
In Table 5.3, the total decimal value = 255 (128 + 64 + 32 + 16 + 8 + 4 + 2 + 1).
In this case, all the bit values are on (1), so all the decimal values are added together to calculate the IP address octet. The IP address octet value is 255.
Now, you can convert a 32-bit binary address into a dotted-decimal address. In this example the binary address is 10101010 01010101 11000011 00111100. Start with the first octet 10110000. Table 5.4 shows the conversion of 10101010 from binary to decimal value.
n Table 5.4, the total decimal value = 170 (128 + 32 + 16).
The second octet is 01010101. Table 5.5 shows the conversion of 01010101 from binary to
In Table 5.5, the IP octet value = 85 (64 + 16 + 4 + 1).
The third octet is 11000011. Table 5.6 shows the conversion of 11000011 from binary to decimal value.
In Table 5.6, the total decimal value = 195 (128 + 64 + 2 + 1)
The fourth and final octet is 00111100. Table 5.7 shows the conversion of 00111100 from binary to decimal value.
In Table 5.7, the total decimal value = 60 (32 + 16 + 8 + 4).
Based on these calculations, the IP address in dotted-decimal format is 184.108.40.206.
Whenever the last bit is 1, the decimal value is an odd number. Whenever the last bit is 0, the decimal value is an even number. The CCNA exam often uses multiple-choice questions, so you may be able to narrow down the possible correct answers quickly with this hint.
Converting Decimal to Binary
You must also be able to convert an IP address from dotted-decimal format into binary. It helps to work from left to right when converting to binary.
Example IP address = 220.127.116.11
The first octet of 206 can be broken down as follows:
128 64 32 16 8 4 2 1
1 1 0 0 1 1 1 0
The octet value is greater than 128, so the first bit is on. Subtract 128 from 206.
206 – 128 = 78
The remainder 78 is greater than 64, so the second bit is also on.
78 – 64 = 14
The remainder 14 is less than 32 and 16, so the third and fourth bits are off. However, 14 is greater than 8, so the fifth bit is on.
14 – 8 = 6
The remainder 6 is greater than 4, so the sixth bit is on.
6 – 4 = 2
The remainder 2 is equal to the seventh bit value, so that bit is also on.
2 – 2 = 0
The last bit value is off because the remainder is 0. Remember that it is an even number, so the last bit will always be 0!
Hexadecimal is a numbering system with a base of 16. Numbers 0 through 9 represent the first 10 decimal digits and the next 6 digits are the letters A through F. Each hexadecimal character is equal to four bits. Hexadecimal format was first introduced in Chapter 1, during the discussion of MAC addresses at the Data Link layer. Figure 5.2 shows the decimal values 0 through 15 and their equivalent hexadecimal values.
Converting Decimal to Hexadecimal
There are two ways to calculate hexadecimal from decimal format. With the first method, the decimal value should first be converted to binary format.
Decimal value = 141
128 64 32 16 8 4 2 1
1 0 0 0 1 1 0 1
Binary value = 10001101
Now break the binary value into two groups of 4 bits each, which is 1000 and 1101. Then, line up the 4 bits with the last four decimal values that were calculated in Figure 5.1. Again, add up the binary value of each bit that is on (1).
1 0 0 0
8 4 2 1
8 The combined value is 8 so the hexadecimal character = 8
1 1 0 1
8 4 2 1
8 4 1 The combined value is 13 so the hexadecimal character = D
The combined hexadecimal address is 0x8D.
The second method for calculating a hexadecimal address is to divide the decimal number by 16 first. So, 141 divided by 16 equals 8 with a remainder of 13, which matches the results from the binary conversion in the first method.
Recall how 8 bits for an octet equals one byte. Well, when you divide an octet into two hexadecimal fields of 4 bits each, each 4-bit field is called a nibble.
IP Address Classes
As you know, IP addresses are 32 bits long, represented by dotted-decimal notation. Each address can be divided into two parts:
The number of network octets and host octets determines the IP address class. Table 5.8 shows the three IP defined network classes.
TCP/IP defines two additional address classes:
- Class D: Used for multicast addresses
- Class E: Used for research purposes
Table 5.9 lists the possible values each class network can have in the first octet. With these values you can easily identify what class network is being referenced on the exam.
The 127.x.x.x address range is reserved for loopback addresses.
The network portion of an address maintains the same value for all the IP addresses that are assigned from a Class A, B, or C network. Remember that one octet is equal to 8 bits or 1 byte. The Class A network portion is 1 byte, and the host portion takes up the remaining 3 bytes. The Class B network portion is 2 bytes, with the remaining 2 bytes making up the host portion. The Class C network portion is 3 bytes, whereas the host portion is 1 byte. It stands to reason that if fewer bytes are devoted to the network portion of an address, fewer networks are possible for that class of network. With that said, the same is true for the host portion of an address. The fewer host bytes, the fewer total hosts that are available for that class of network.
When calculating the total number of Class A, B, or C networks available, you must subtract 2 from the total. This is a Cisco standard implemented for the CCNA exam. A host address must be unique for each device or interface on a network. For each Class A, B, or C network, there is always a network identifier (ID) and a broadcast IP address. For this reason, you must also subtract two to calculate the total number of valid hosts per network.
A network ID is the first IP address in a network. This may also be referred to as a subnet ID. Every host bit for the network ID address is turned off (or all 0s). An example of a Class A network ID is 18.104.22.168.
A broadcast IP is the last IP address in a network. Every host bit for the broadcast IP address is turned on (or all 1s). An example of a Class A broadcast IP is 22.214.171.124.
Power of 2 When you enter the exam room, it’s helpful to write down some things on the paper or white board that is supplied. I would suggest writing down the powers of 2 for quick reference when calculating networks and hosts.
Here’s a calculation for the number of networks for each class:
27 – 2 = 126 total Class A networks
214 – 2 = 16,382 total Class B networks
221 – 2 = 2,097,150 total Class C networks
When calculating the total number of Class A, B, or C networks, the exponent is a multiple of 7.
Now you can calculate the number of hosts per network:
For any Class A network,
Network = 1 byte (8 bits)
Host = 3 bytes (24 bits)
224 – 2 = 16,777,214 total hosts per network
For any Class B network,
Network = 2 bytes (16 bits)
Host = 2 bytes (16 bits)
216 – 2 = 65,534 total hosts per network
For any Class C network,
Network = 3 bytes (24 bits)
Host = 1 byte (8 bits)
28 – 2 = 254 total hosts per network
When calculating the total number of hosts per network, the exponent is equal to the number of host bits.
Sub-networks (subnets) enable you to break a large network of IP addresses down into smaller, manageable address ranges. A smaller address range means fewer hosts on a network. Each subnet becomes a separate broadcast domain. All the devices that are in the same broadcast domain receive all broadcasts. Think if it were possible to have all 16,777,214 Class A network hosts sharing a broadcast domain and receiving all broadcasts. That would be a huge amount of traffic. Subnets enable you to break this large network into smaller address ranges. In this case, smaller is better.
A subnet mask is used to identify which part of an IP address is the network portion. Like the IP address itself, a subnet mask consists of 32 bits. The network portion is represented by all 1s.
The default subnet masks for Class A, Class B, and Class C networks are as follows:
- Class A: 255.0.0.0 (11111111 00000000 000000000 000000000)
- Class B: 255.255.0.0 (111111111 1111111111 000000000 000000000)
- Class C: 255.255.255.0 (111111111 1111111111 111111111 0000000000)
Now that you know what an IP address and subnet mask are, there is a mathematical operation called Boolean AND that helps to identify some important aspects of an IP network. With Boolean AND you can determine the network ID and broadcast IP given an IP address and subnet mask.
Boolean AND works as follows:
- Determines the binary value of the IP address.
- Determines the binary value of the subnet mask.
- Lines up both binary values one on top of the other.
- If the lined-up bit values in both addresses equal 1, the Boolean bit is also 1.
- If the lined-up bit values in both addresses do not equal 1, the Boolean bit is 0.
Table 5.10 provides a Boolean example. The decimal IP address value = 126.96.36.199, and the subnet mask = 255.0.0.0.
The network ID in this example is 188.8.131.52. Using Boolean you can see that the host bits in the last three octets are 0 bits, which identifies the network ID. I emphasized the last host octet in Table 5.10. If you turn all of those host bits on, you will get the broadcast IP, which in this case is 184.108.40.206.
For the next example (Table 5.11), the decimal IP address value = 220.127.116.11, and the subnet mask = 255.255.0.0.
The network ID in this example is 18.104.22.168. Using Boolean you can see that the host bits in the last two octets are 0 bits, which identify the network ID. I emphasized both host octets in the example. If you were to turn all those host bits on, you would get the broadcast IP, which in this case is 22.214.171.124.
Classless Interdomain Routing (CIDR) notation may also be used to identify the subnet mask.
The mask is written in slash notation as follows:
- Class A: /8
- Class B: /16
- Class C: /24
The CIDR notation or prefix notation for each network class can be determined by counting the 1s in binary or the number of bits that make up the network portion of the address.
Private (RFC 1918) Addressing
- Describe the operation and benefits of using private and public addressing
The previously listed Class A, B, and C addresses are all IANA assigned public IP addresses. Although it originally seemed that there was sufficient public IPv4 address space available, resources began being consumed quickly. I mentioned that IPv6 was developed in the event that IPv4 address space became exhausted. Other measures were also implemented to alleviate the shortage of IPv4 public IP address space. These measures include RFC1918, Network Address Translation (NAT), and Port Address Translation (PAT). RFC 1918 defines private IP address space. Private address space can be used for traffic that does not need to leave the internal network. Because this traffic is internal to the network, it does not matter if other organizations are using the same address space. Private IP addresses are not routable on the Internet.
IANA Private Address Space Allocations include the following IP address ranges for Class A, Class B, and Class C networks:
- Class A: 10.0.0.0–10.255.255.255
- Class B: 172.16.0.0–172.31.255.255
- Class C: 192.168.0.0–192.168.255.255
NAT translates one IP address to another. Typically this is done between private and public IP addresses. For example, a private IP address can be translated with NAT to a public IP address for outbound transmission to the Internet. NAT can also translate a public IP address to a private IP address for inbound transmission on the internal network. PAT can translate multiple addresses on an internal network to a single public IP address, which is called one-to-many address translation. PAT is available as NAT overloading on Cisco routers.
Chapter 21, “Command-Line NAT Implementation,” covers NAT terminology and configurations in detail.