Chapter 9: Network Layer Deep Dive
Metadata Card
| Attribute | Content |
|---|---|
| Volume | Vol 4 — Computer Networking |
| Chapter | Chapter 9: Network Layer Deep Dive |
| Prerequisites | Chapter 1 (Layering Model), Chapter 3 (TCP Basics) |
| Next | Chapter 10: TCP Congestion Control |
| Theory Depth | (4/5) |
| Python Relevance | ≈70%; building IP packets, fragmentation simulation, routing convergence simulation |
| Core Concepts | IP fragmentation, CIDR, NAT, ICMP, distance vector, link state, BGP |
| Code | ~150 lines |
Your Progress
"One layer up — the post road's perspective. Spell coordinate addressing, post road routing protocols, portal address translation (NAT) — you're looking at the entire post road map. How do beacon towers know which post road path is the shortest?"
The network layer (IP layer) handles two things:
- Addressing — Give every beacon tower a globally unique "post road address" (IP address)
- Routing — Decide which intermediate stations your spell message should travel through
IPv4 Header
```
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |Type of Service|          Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Identification        |Flags|      Fragment Offset    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Time to Live |    Protocol   |         Header Checksum       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Source Address                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination Address                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options (if any)                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```

| Field | Length | Meaning | Where You'll Meet It |
|---|---|---|---|
| Version | 4 bits | Always 4 or 6 | NIC's first check |
| IHL | 4 bits | Header length (×4 bytes, min 5=20B) | Starting offset for parsing |
| Total Length | 16 bits | Entire IP packet length (incl. data) | Needs fragmentation if > MTU |
| Identification | 16 bits | Original packet ID for fragments | Fragments reassemble by this |
| Flags | 3 bits | DF=don't fragment, MF=more fragments | MTU detection |
| Fragment Offset | 13 bits | Fragment offset in original data (×8 bytes) | Ordering during reassembly |
| TTL | 8 bits | Decremented per hop, discard at 0 | Core of traceroute |
| Protocol | 8 bits | Upper protocol number | 6=TCP, 17=UDP, 1=ICMP |
| Header Checksum | 16 bits | Recalculated per hop | One source of router overhead |
IP Fragmentation — When Packets Exceed MTU
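When a packet is larger than the MTU, IP splits its data into fragments. The Fragment Offset field counts in units of 8 bytes. Only the last fragment has MF=0; every earlier fragment has MF=1. With DF=1, routers do not fragment: they drop the packet and return an ICMP error, which is the mechanism Path MTU Discovery (PMTUD) uses. Reassembly happens at the receiver, not at routers.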
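The rules above as a small Python simulation. This is an added example, not code from the original chapter: the names `fragment`, `reassemble` and `FragmentationNeeded`, the dict layout of a fragment, and the fixed 20-byte header are assumptions made here. The receiver side is deliberately strict and rejects gaps, overlaps and a missing final fragment instead of guessing.

```python
import random

IP_HEADER_LEN = 20  # assumption: IHL=5, header without options


class FragmentationNeeded(Exception):
    """Stands in for the ICMP error a router returns when DF=1 and the packet is too big."""


def fragment(payload: bytes, mtu: int, ident: int, df: bool = False) -> list[dict]:
    """Split one packet's payload into fragments that each fit within `mtu`."""
    if IP_HEADER_LEN + len(payload) <= mtu:
        return [{"id": ident, "offset": 0, "mf": 0, "data": payload}]
    if df:
        raise FragmentationNeeded(f"DF set, packet exceeds MTU {mtu}")
    # Fragment Offset counts 8-byte units, so every fragment except the
    # last must carry a multiple of 8 data bytes.
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    if chunk == 0:
        raise ValueError("MTU too small to carry any data")
    return [{"id": ident, "offset": start // 8,
             "mf": int(start + chunk < len(payload)), "data": payload[start:start + chunk]}
            for start in range(0, len(payload), chunk)]


def reassemble(frags: list[dict]) -> bytes:
    """Receiver-side reassembly of fragments that may arrive in any order."""
    if len({f["id"] for f in frags}) != 1:
        raise ValueError("fragments must share one Identification value")
    ordered = sorted(frags, key=lambda f: f["offset"])
    if ordered[-1]["mf"] != 0 or any(f["mf"] == 0 for f in ordered[:-1]):
        raise ValueError("exactly the last fragment must have MF=0")
    out = b""
    for f in ordered:
        if f["offset"] * 8 != len(out):  # each fragment must start where the previous ended
            raise ValueError(f"gap or overlap at byte {len(out)}")
        out += f["data"]
    return out


if __name__ == "__main__":
    payload = bytes(range(256)) * 16           # constructed 4096-byte payload
    frags = fragment(payload, mtu=1500, ident=0x1C46)
    random.shuffle(frags)                      # simulate out-of-order arrival
    for f in sorted(frags, key=lambda f: f["offset"]):
        print(f"offset={f['offset']:>3} (byte {f['offset'] * 8:>4}) MF={f['mf']} len={len(f['data'])}")
    assert reassemble(frags) == payload
```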
CIDR — Wasting No More Addresses
CIDR (Classless Inter-Domain Routing): instead of the fixed /8, /16 and /24 prefixes, use arbitrary prefix lengths.
```
192.168.1.0/24  → mask 255.255.255.0   → 256 addresses (254 usable)
10.0.0.0/8      → mask 255.0.0.0       → 16 million addresses
203.0.113.0/28  → mask 255.255.255.240 → 16 addresses (14 usable)
```

NAT/NAPT — One Public IP Feeds a Family
NAT translates internal addresses (192.168.1.x) to one public address. NAPT adds port translation:
```
Internal: 192.168.1.101:54321 → Router WAN: 203.0.113.5:65000
Internal: 192.168.1.102:54321 → Router WAN: 203.0.113.5:65001
```

ICMP — Network Layer's Messenger
ICMP doesn't carry application data — only error and diagnostic messages. Two classic tools use ICMP:
- ping: ICMP Echo Request/Reply
- traceroute: Uses TTL exhaustion + ICMP Time Exceeded
Routing Algorithms
| | RIP (Distance Vector) | OSPF (Link State) | BGP (Path Vector) |
|---|---|---|---|
| Scope | Within AS | Within AS | Between ASes |
| Metric | Hop count (max 15) | Cost | Policy (business) |
| Method | Bellman-Ford | Dijkstra | Path vector + AS_PATH |
| Convergence | Slow (counting to ∞) | Fast | Slow (minutes) |
| Scale | Small networks | Large networks | Global internet |
Traveler's Notes
Every time you ping to check connectivity, you're using the network layer's diagnostic messenger (ICMP). Every time you connect to a device behind your home router, you're benefiting from NAT's address sharing. And every time a website loads slowly due to routing issues, you can use traceroute to pin down exactly which hop is the bottleneck. The network layer is what makes the global internet possible.