Networking Primer – Part 5.3: Network Layer – IP Routing

Previous: Networking Primer – Part 5.2: Network Layer – DNS and DHCP

Up until this point, all of the layers, addresses and other attributes we have discussed have conceptually existed inside either the source or destination node.  We now need a mechanism for physically moving the data from point A and B.  While it is possible and would provide a very simple solution to delivering data, having a single connection between each source and destination node isn’t feasible.  This might be appropriate for a test system in a lab where we could use a cross-over cable to connect two computers together, but we would face insurmountable challenges if we tried to connect the billions of devices in the world together with one-to-one connections.  We need to split down our global network into smaller interconnect pieces and it is at this point we introduce additional devices outside of the nodes that will be responsible for routing the data between source and destination. These additional devices are very aptly named “Routers”.

In reality the internet is a huge complex and organic network that spans the globe like a gigantic spiderweb. While it would be interesting to dig into the internet in great depth, we’ll stay with our theme of simplicity.

Map of The Internet

Map of the Entire Internet 2014 – Source :

The Default Gateway

In most small to medium-sized environments there will be a single router that is responsible for taking packets destined for external nodes and routing them accordingly. If the source and destination nodes are inside the same network, then there is no need for a router to be involved as the nodes will usually be connected to the same physical media, have access to the same broadcast domain and can communicate directly.  If the destination node is outside of my network, my source node will automatically send it to my Default Gateway, which is the router that will forward it on towards the external destination.

A Router is essentially just another computer that sits on its own IP address in the network. Rather than having a server or desktop operating system installed, it has a stripped down specialised operating that is optimised for the processes required for routing.  If you look underneath the CLI (command line interface) for the device, you will find that the operating system is most likely a descendant of UNIX or Linux, that has been tailored for this specific purpose.  Traditionally, these devices were built on custom hardware, with custom chipsets designed to perform with rapid speed in mind. This is something that is changing. With the continued exponential performance increases in commodity x86 hardware, the cost/benefit ratio of using custom hardware versus decoupled software backed by commodity x86 servers no longer stacks up in custom hardware’s favour. I’ll address this in more depth in future posts.

The nodes in our network are aware of the default gateway, as they the default gateway address is either configured manually or provided by the DHCP server at network configuration time.  On Windows, the Default Gateway can be identified using the IPCONFIG command:

Default Gateway Highlight

When the default gateway receives our packet, it examines the destination IP address, performs a lookup in it’s routing table to find where to send it and forwards the packet onward to the next router in the journey.  It’s important to note here that the Router might not necessary know the final router’s destination address, it simply knows the address of the next hop or step to take.  The same process happens at each decision point (router) in the journey, until the packet finally reaches it’s end destination. This being the router that is responsible for (has authority over) the network where the destination node is hosted.

How do Routers Know Where to Route?

While it is possible to manually edit the routing table by adding static routes for the next hop of known destinations, routers are thankfully much more intelligent. There are a number of protocols which routers can implement, so that they may automatically discover and share route information. This makes networks very flexible and also able to adapt quickly to change. These protocols are sub-divided into two groups, IGPs (Interior Gateway Protocols) and EGPs (Exterior Gateway Protocols).  IGPs are used in larger environments where an organisation might have multiple routers and many nodes with multiple geographical or logical segmentations. One such protocol is RIP (Routing Information Protocol). EGPs are used at the border between autonomous systems (i.e. at the gateway between networks that are controlled by different entities). BGP (Border Gateway Protocol) is an example of an EGP.

Additional Tags

It is worth mentioning at this point that in addition to simple packet forwarding, modern routers also give us some extra functionality. One area where we can leverage the router is to enforce a certain level of service. We are able to flag each packet with a priority, this comes in the form of a DSCP (Differentiated Service Code Point) tag that we can place in the IP packet header. This can be used by routers that support QoS (Quality of Service) operations to prioritize packets. By default, higher priority packets will be sent first, and lower one’s queued in buffer space until there is bandwidth available to send them. If the buffer capacity fills, the router will simply discard lower priority packets that won’t fit in the buffer. This might sound like a very bad thing, but that’s where TCP would step in for important packets and resend them when the notification is received from the destination that packets haven’t arrived.

The Pirate Ship: In our pirate scenario, we’ll say that the Post Master in the mailroom of my office is my Default Router.  If I wanted to send my Lego package to another room in the building, I wouldn’t bother the Post Master, I’d simply use a different mechanism to get it to the other room which we’ll discuss in future posts. In this instance, I do want to send the package to an external address so the first point it will reach is the Post Master. Before sending the package to him, I have put some additional information on it, in the form of a marking that says “1st Class”. This would be analogous in the IP world of applying QoS tags to ensure the packet receives the appropriate level of service.

He reads the marking and ensure’s the package is dealt with before other lower priority packages. He knows that it needs to be posted at the local Post Office and sends his mailroom assistant on his bicycle to do this immediately. The local post office receives the package, examines the destination address and performs another routing action. As it’s going from Manchester to London, the next hop for the package is to send it to the North West UK Distribution Centre (NWUKDC). It’s placed in a van and sent the same day. Packages aren’t delivered directly from NWUKDC to locations in the South East. They are bulk transported via truck to the South East equivalent Distribution Centre, SEUKDC. From there my package is routed and sent by van to the local London Post office and then by Post Man to Rich’s office door. At each point in the journey the package is examined and sent to the next hop.

Rich’s room will now receive the package from his Postmaster, and he’ll unwrap it accordingly. This will happen for each piece of the ship and as it arrives, it will be reassembled into the full original form.

Next: Networking Primer – Part 6.1: Data Link Layer, Ethernet and MAC

Networking Primer – Part 5.1: Network Layer – IP Addressing

Previous: Networking Primer – Part 4: Transport Layer, TCP and UDP

The clue might be in the title, but the Network Layer is one of the more important layers in the network stack.  So far we have defined high-level identities, application services and data formats. We have also established our protocols, chopped up data into smaller more manageable pieces and tagged them with a sequence number. It is at this point we need to start defining more details on where we will be sending the data and moving closer to establishing a unique address for both source and destination. We also need network components to be in place to allow us to transmit and route the data appropriately.

Image of 3D IP Address

The two core concepts at work in this layer are addressing and routing.

Addressing: Internet Protocol (IP)

The most ubiquitous protocol used for network addressing and routing is the Internet Protocol, IP (i.e. the IP from TCP/IP). As with most protocols, there have historically been alternatives such as IPX/SPX Novell Netware’s protocol, but these have mostly disappeared as IP has become the defacto standard for data communication. Again, the clue might be in the name here, but it is this protocol that underpins the internet and fundamentally enables everything we do on the internet.

The first thing we need to consider in IP, is addressing. For each node in a network (note: nodes are sometimes referred to as Hosts), we need to provide a unique IP address.  As of today, the bulk of internet communications use IP version 4 (IPv4). IPv4 defines an address as four numbers between 0 and 255, separated by periods  (For example: The format is a little strange and this is due to the underlying need for the systems to convert the more human readable IP address to/from the more computer usable binary representation of the address.

This works very much like a postal address. In a postal address we have a house number, a street name, a city, a region, a country and a post code (USA: Zip Code).  An IP address is much simpler. That four part address is actually  made up of a Host ID (i.e. Node ID) and a Network ID. So really all we need in IP is a house number and a Post Code.  We can split the above address into two parts as follows:

Network ID: 135.168.0
Host ID: 23

For the purposes of this primer, we will keep it simple. In reality, due to the nature of the mapping between binary bits and IP address components. Splitting the address into a Host and Network ID can become much more complex and may straddle the two numbers on each side of a period. You can, for instance, have a node that sits on and another node that sits on One might assume that these are both on the same network (135.168.10) but they could be on different networks. For each node, we apply what’s known as a subnet mask and it is this mask that dictates which Host IDs sit in which networks. There are some moderately involved calculations that happen in the background to decide where the Host to Network split occurs in an address. If you want to do this, my best advice here is to go find a subnet mask calculator.

Networks are also defined by their size, Class A (large: up to 16,777,216 addresses), Class B (medium: up to 65,536 addresses) and Class C (small: up to 256 addresses). There is also a Class D & E but these are not related to size.

A typical subnet mask for a Class C network, looks something like this:


IP Network Scope: Private vs Public and NATing

It is worth understanding a little bit about scope here. A network’s scope may be restricted in an isolated room with no connectivity to the outside world. In which case, all the nodes in that room must have unique network addresses. Let’s call it Room 1. If we have another similar room (Room 2) of nodes all isolated from the outside world, those nodes could have the same addresses as those in Room 1. There is no requirement for uniqueness as the isolation of the two networks means there is never any confusion over which node has which address as they never communicate between rooms. This is most commonly referred to as a private network.

On the internet, all addresses must be unique but due to the exponential growth of the internet, public IPv4 addresses have become scarce as there simply aren’t enough of them to hand out. This has led to organisations implementing architectures where they can minimise the use of public IP addresses. An organisation might only have one public IP address, but many hundred’s of nodes inside their network. So how do all those nodes talk to the outside world? This is done through a process called NATing (NAT – Network Address Translation).  The analogy with the postal service here, is that an office building may have a front door number (Public IP Address), but lots of room numbers inside (Private IP Addresses). Different buildings will have different front door numbers, but inside their is nothing stopping them having the same room numbers (Room 1, Room 2, etc).

The NATing process is responsible for handling the conversion of private IP addresses to public ones and back again. You can think of this as a mail manager sitting at the front door. When someone from Room 1 sends something out of the building, the mail manager logs it’s destination in a table and the fact it came from Room 1. In the destination building, the receiver doesnt necessarily know it’s from Room 1, they just know that it came from that building. If they respond, the mail manager checks his table sees that the originating communication came from Room 1 and sends the reply back up to Room 1.

Public and Private IP Example

In fact, even today it is very likely that your own home uses this concept of public and private IP addressing. If you have broadband at home, the router that your ISP provided will manage a pool of internal private IP addresses that are handed out to your devices (Computers, IPads, TVs, etc) and a single public IP address that the provider uses to identify you on the internet.

Note: There is a new IP protocol which has been available for some year, IPv6. This resolves the “running out of addresses” problem, but isn’t widely deployed today.

Let’s take a look at the IP configuration on your system. Note: PC/Laptop only:

  • Go to your Start Menu and search for and run “Windows Powershell”. This may be in a slightly different location depending on your version of windows. At the Powershell prompt: Type “IPCONFIG” and see the results. You should see something like this:

    IPCONFIG Powershell Screenshot

    Some of the items listed will be recognisable, such as IPv4 address and Subnet Mask. There are also some other items like Default Gateway which we’ll cover in later posts.

  • Open up a terminal window and type IFCONFIG. On a Mac you will see a result that looks like this:

    IFCONFIG Screenshot

    I’ve highlighted some of the same information that you could also see on the Windows tab. The output here is a little more complex and has much more content. We can see our IPv4 address “inet” and also our subnet mask “netmask 0xffffff00”. You’ll notice that the subnet mask is much less recognisable and this is because it’s displayed in hexadecimal format, instead of standard IP or binary. If you convert the hexidecimal to IP, you get which is a standard Class C network subnet mask.

    Linux produces a similar format to this with some slightly different details, but ultimately following the same approach. As you might expect Linux and Mac systems have many similarities due to their sibling nature and UNIX ancestry.

IP addresses are clearly an important factor in the network layer, but even though we have a unique network identity for both our source and destination nodes, they wouldn’t be of much use if we didn’t have a way to direct the data packets across the network from source to destination. That’s where routing comes in.

The Pirate Ship: Let’s use some of the similarities with the postal service in our analogy. Instead of an IP address we’ll have:

My node address as:  Room 62, Building 34, Legofiend Street, Manchester.
Rich’s node address as: Room 78, Building 2, Zoo Street, London.

We’re going to assume that all addresses are public and that there’s is no NATing process occuring between public and private. To align more closely with IP Addressing, let’s split our addresses into a Node and Network ID. So, in both cases the “Room” is the node and the “Building, Street, City” part of the address makes up the network ID.

To pick up where we left our transport manager earlier in the series, we need to apply more information to our packet. It currently has a TCP label and sequence number.  We’re now going to take that packet and put it inside another one, a slightly larger box. On the new package, we’re going to write the destination node address (Rich’s) and the source node address (Mine).

Next: Networking Primer – Part 5.2: Network Layer – DNS and DHCP