IP (the Internet Protocol) is a routing and addressing protocol. When it was first proposed, IP was intended as a way to connect multiple LANs, but now you can imagine IP as a global virtual LAN [1, P. 185].

Although IP version 6 was formalized in 1998, the Internet still mostly uses version 4 of the protocol (IPv4).

Table of contents

  1. IP addresses
    1. Prefixes
    2. Subnets
  2. The IPv4 Header
  3. Interfaces
    1. Multihomed hosts
  4. Special Addresses
  5. Fragmentation
  6. NAT
  7. References

IP addresses

Public IP addresses are administratively assigned. Originally they were assigned by IANA, but IANA now delegates the task to other organizations [1, P. 24].

IP addresses are 32 bits (4 bytes) long. Commonly, IPv4 addresses are represented in dotted decimal notation, where each byte is written in decimal, separated by a period. For example,

Figure: IPv4 address


IP addresses are hierarchical. They are split into two parts: a network part and a host part. The network part has the same value for all hosts on a LAN [2, P. 443].

This addressing strategy is known as CIDR (Classless Interdomain Routing), pronounced cider.

The length of the network part determines how many host addresses are available on a network. For example, if the network part is 16 bits, then 16 bits are free for the host part, which means a maximum of 65534 addressed hosts on the network ().

Prefixes are written in the form A.B.C.D/P, where P is the number of bits used for the network part. For example, an IP address with a 16-bit network part would be denoted as

A network part can’t be inferred from the IP address, so routing protocols must provide the length of the network part when sharing route information [2, P. 443].

The length of the network part can be used to create a subnet mask, which produces the network part when logically ANDed with an IP address.

Figure: Calculating network part using subnet mask

The advantage of splitting IP addresses into parts is that routers can forward packets based solely on their network part. The host part is only used when a packet has arrived in the network specified with the network part [1, P. 193].


Subnets enable a network to be split into multiple smaller networks, rather than requiring networks to be entirely LAN switched [1, P. 195].

Subnets work by assigning a subnet mask to each of the internal networks. In order to route packets internally, a main router must know the subnet mask for each of its subnets. The main router can determine which network to forward a packet to by bitwise ANDing the destination IP address with each of the subnet masks in turn, until a match is found.

The IPv4 Header

The IPv4 header contains the following information:

  • Destination and source address.
  • Indication of IPv4 (vs IPv6).
  • A Time To Live (TTL) value, to prevent routing loops.
  • A field indicating what comes next in the packet (e.g. TCP or UDP).
  • “Fields supporting fragmentation and reassembly”.

[1, P. 186]

The header format is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   |Version|  IHL  | DS Field  | * |          Total Length         |
   |         Identification        |Flags|      Fragment Offset    |
   |  Time to Live |    Protocol   |         Header Checksum       |
   |                       Source Address                          |
   |                    Destination Address                        |
   |                    Options                    |    Padding    |


[1, P. 186]

Version is for the IPv4 version (0100).

IHL represents the total length of the header length in 32-bit words. Since IHL is 4 bits, the max header size is 15 32-bit words [1, P. 186].

The DS (Differentiated services) Field is used to specify preferential handling for certain packets, e.g. those involved in VoIP.

Total Length is the length of the datagram in octets.

Time to Live is used to stop routing loops. It’s decremented by 1 at each router. If it reaches 0, the packet is dropped.

Protocol indicates the protocol used in the packet’s data. Common values are 6 (TCP), and 17 (UDP).

Header Checksum is used to verify that the header wasn’t corrupted during transmission.

The Source Address and Destination Address fields contain the IPv4 addresses of the sender and the recipient.


IP addresses are given to interfaces, rather than nodes or hosts [1, P. 188].

One example is the loopback interface. For most machines, localhost resolves to the IPv4 loopback address “Delivering packets to the loopback interface is simply a form of interprocess communication” [1, P. 188].

There are also other special interfaces. For example, when VPN connections are created, “each end of the logical connection typically terminates at a virtual interface” [1, P. 188].

“When a computer hosts a virtual machine, there is almost always a virtual network to connect the host and virtual systems. The host will have a virtual interface to connect to the virtual network. The host may act as a NAT router for the virtual machine, “hiding” that virtual machine behind its own IP address, or it may act as an Ethernet switch, in which case the virtual machine will need an additional public IP address” [1, P. 188].

“Routers always have at least two interfaces on two separate IP networks”. Normally the router would have a separate IP address for each interface, although some point-to-point interfaces can be used without IP addresses [1, P. 189].

Multihomed hosts

A multihomed host is a non-router host with multiple non-loopback network interfaces. For example, many laptops have an Ethernet interface and a Wi-Fi interface. These interfaces can be used simultaneously if they both have a different IP address [1, P. 189].

It’s also possible to assign multiple different IP addresses to a single interface. Sometimes this is done to enable two different IP networks to share the same LAN [1, P. 189].

Special Addresses

IPv4 has a few assigned special addresses.

Loopback addresses. The default loopback address is, however, any IPv4 address beginning with 127 can serve as a loopback address [1, P. 190].

Private addresses. Private addresses are IP addressses that are intended for internal use only. There are three standard private-address blocks:


[1, P. 190]

Broadcast addresses are IPv4 addresses intended to be used with LAN broadcasting. The common forms are to broadcast to the network the device is on. Historically was also used as a broadcast address. You can also broadcast to a different network by filling the host part of an IP address with all 1-bits. This is why all host ranges have , where is the number of host bits [1, P. 190].

Multicast Addresses: Multicasting means sending packets to a specified set of addresses. Multicast addresses have the first byte beginning 1110 [1, P. 190].


IPv4 supports fragmentation to break up large packets into smaller chunks. This means large packets can be sent over networks that cannot support the full size of the packet. The fragments are reassembled once they have been received by the destination host [1, P. 191].

IP follows a path fragmentation and reassembly process where reassembly is done at the far end of the path, rather than by intermediate routers [1, P. 191].

The Identification field in the IP header is used to group fragmented IP packets. Its value should be different for each packet. Fragments of a packet keep the same Identification value as their original packet, so it’s possible to identify fragments of a packet by comparing their Identification value [1, P. 191].

The Fragment Offset field marks the start position of the data portion of a fragment within the data portion of the original packet. This is used to reassemble the packet [1, P. 191].

TCP normally uses Path MTU Discovery to discover the maximum transmission size that is supported over the network. It will then keep packets under this size in order to avoid IP fragmentation. However, it’s not uncommon for fragmentation to occur over UDP, as in the NFS protocol [1, P. 192].

It’s worth noting that IPv6 doesn’t support fragmentation [1, P. 185].


NAT (Network Address Translation) is an approach to use a single IP address for a network of IP-connected devices.

Instead of assigning an IP address to each host in an internal network, a public IP address is assigned only to a gateway router. The gateway router, known as a NAT router, connects the internal network to the Internet.

All hosts in the internal network are assigned private IP addresses. When an internal host makes a request, the NAT router will translate the source private IP address into its own public IP address, and keep the translation in a special NAT forwarding table. When the NAT gateway receives a response from the remote machine, it will check its NAT forwarding table, see that the request is for the internal host, replace the destination IP address with the private source IP address, and forward the packet to the internal host [1, Pp. 200-1].

Figure: NAT router [1, P. 201]

The NAT forwarding table includes port numbers, so that it can distinguish between two different internal hosts attempting to connect to the same external host. If two internal hosts attempt to reach the same host from the same port, then the NAT router will need to rewrite one of the source port numbers to be able to distinguish between packets destined for each router.


  1. [1] D. P., An Introduction to Computer Networks, 1.9.18 ed. 2019.
  2. [2] A. Tanenbaum and D. Wetherall, Computer Networks, 5th ed. 2011.