Internet Protocol (IP) is the "mailroom" of the TCP/IP stack, where packet sorting and delivery takes place. At this layer, each incoming or outgoing packet is known as a datagram. Each IP datagram bears the source IP address of the sender and the destination IP address of the intended recipient. Unlike the MAC addresses, the IP addresses in a datagram remain the same throughout a packet's journey across an internetwork. The following sections describe the IP layer functions.
Routing is the primary function of IP. Datagrams are handed to the IP protocol from UDP and TCP above, and from the NIC(s) below. Each datagram is labeled with a source and destination IP address. The IP protocol examines the destination address on each datagram, compares it to a locally maintained route table, and decides what action to take. There are three possibilities for each datagram:
The route table maintains four different types of routes. They are listed here in the order in which they are searched for a match:
1. Host (a route to a single, specific destination IP address)
2. Subnet (a route to a subnet)
3. Network (a route to an entire network)
4. Default (used when there is no other match)
You can view the route table from the command prompt, as shown in the following example of the command and its results.
Network Address | Netmask | Gateway Address | Interface | Metric | |
0.0.0.0 | 0.0.0.0 | 172.16.112.1 | 172.16.112.123 | 1 | |
127.0.0.0 | 255.0.0.0 | 127.0.0.1 | 127.0.0.1 | 1 | |
172.16.112.0 | 255.255.255.0 | 172.16.112.123 | 172.16.112.123 | 1 | |
172.16.112.123 | 255.255.255.255 | 127.0.0.1 | 127.0.0. | 1 | |
172.16.112.255 | 255.255.255.255 | 172.16.112.123 | 172.16.112.123 | 1 | |
224.0.0. | 224.0.0.0 | 172.16.112.123 | 172.16.112.123 | 1 | |
255.255.255.255 | 255.255.255.255 | 172.16.112.123 | 172.16.112.123 | 1 | |
The preceding route table is for a computer with the class C IP address 172.16.112.123. It contains seven entries, as follows:
On this host, if a packet is sent to 172.16.112.122, the table is first scanned for a host route (not found), then for a subnet route (not found), then for a network route (that is found). The packet is sent by using the local interface 172.16.112.123. If a packet is sent to 172.17.1.1, the same search is used, and no host, subnet, or network route is found. In this case, the packet is directed to the default gateway, by inserting the MAC address of the default gateway into the destination MAC address field.
The route table is maintained automatically in most cases. When a host initializes, entries for the local network(s), loopback, multicast, and configured default gateway are added. More routes may appear in the table as the IP layer learns of them. For example, a computer may receive a message from the default gateway that indicates (using ICMP, as explained later) a better route to a specific network, subnet, or host. Routes also may be added manually by using the route command. In Windows NT versions 4.0 and 3.5x, the -p (persistent) switch can be used with the route command to specify permanent routes. Permanent routes are stored in the Registry under:
Note In Windows NT version 3.5, manually-added routes were treated as temporary files and the routes were deleted from the table when the computer was restarted.
Most routers use a protocol such as RIP (Routing Information Protocol) or OSPF (Open Shortest Path First) to exchange routing tables with each other.
The Multi-Protocol Router (MPR) in Windows NT consists of the following:
Routers use RIP to dynamically exchange routing information. Windows NT routes the RIP protocols and dynamically exchanges routing information with other routers running the RIP protocol.
The Windows NT router uses the BOOTP relay agent to forward DHCP requests to DHCP servers on other subnets. This allows one DHCP server to service multiple IP subnets.
Note By default, computers running under Windows NT do not behave as routers. You must install MPR after installing TCP/IP on your computer. MPR is included with Windows NT Server and Windows NT Workstation version 4.0. MPR for Windows NT version 3.51 is available from ftp.microsoft.com, and is included with Service Pack 3 and later under the "MPR" directory. Windows NT version 3.5 or earlier, when used as a router, does not include support for RIP.
When running multiple logical subnets on the same physical network, use the following command to tell IP to treat all subnets as local and to use ARP directly for the destination:
route add 0.0.0.0 MASK 0.0.0.0 <my local ip address>
Thus, packets destined for "non-local" subnets will be transmitted directly onto the local media instead of being sent to a router. In essence, the local interface card can be designated as the default gateway. This might be useful where several class "C" networks are being used on one physical network with no router to the outside world.
Duplicate address detection is an important feature. When the stack is first initialized, a "gratuitous" ARP Request is broadcast for the IP address(es) of the local host. If another computer replies, the IP address is already in use. When this happens, the Windows NT computer will still start; however, IP on the offending interface is disabled, a system log entry is generated, and a popup error message is displayed. If the computer that is "defending" the address is also a Windows NT computer, a system log entry is generated and a popup error message is displayed there; however, its interface will continue to operate. After transmitting the ARP reply, the "defending" computer ARPs for its own address again so that other hosts on the network will maintain the correct mapping for the address in their ARP caches.
A computer using a duplicate IP address may be started while it is not attached to the network, in which case no conflict would be detected at that point. However, if it is then plugged into the network, the first time that it ARPs for another IP address, any Windows NT computer with a conflicting address will detect the conflict. The computer detecting the conflict will display a popup error message and log a detailed event in the system log. The following is a sample event log entry:
When a computer is configured with more than one IP address, it is known as a multihomed computer. The different types of multihoming are:
Five addresses per card may be configured using Control Panel; however, more may be added in the Registry. For details, see the IPAddress registry parameter in online Registry Help.
NetBT (NetBIOS over TCP/IP per RFC 1001/1002) binds to only one IP address per interface card. When a NetBIOS name registration is sent, it contains the first IP address in the list of addresses assigned to the NIC.
No restrictions other than hardware.
No restrictions other than hardware and media support as described in the section "Network Driver Interface Specification" earlier in this chapter.
Note
Under Windows NT version 3.51, NetBT did not bind to a NIC that had more than 16 to 20 IP addresses associated with it.
When an IP datagram is sent from a multihomed host, it will be handed down to the interface card with the best apparent route to the destination. Accordingly, the datagram may bear the source IP address of one interface in the multihomed host, yet be placed on the media by a different NIC. The source MAC address on the frame will be that of the NIC that actually transmitted the frame onto the media, and the source IP address will be the one that the sending application sourced it from, not necessarily one of those associated with the sending NIC in the configuration screens in the network control panel.
Routing problems may arise when a computer is multihomed with NICs attached to disjoint networks (networks that are separate from and unaware of each other, such as one connected by using RAS). In this scenario, it is often necessary to set up static routes to remote networks.
More details on name registration and resolution with multihomed computers are provided in the section "NetBIOS over TCP/IP" later in this chapter.
Classless Interdomain Routing (CIDR), also known as supernetting, can be used to consolidate several class C network addresses into one logical network. CIDR is described in RFC 1518/1519. To use supernetting, the IP network addresses that are to be combined must share the same high-order bits, and the subnet mask is "shortened" to take bits away from the network portion of the address and add them to the host portion.
This is best explained with an example. The class C network addresses 172.16.16.0, 172.16.32.0, and 172.16.48.0 can be combined by using a subnet mask of 255.255.252.0 for each:
When routing decisions are made, only the bits covered by the subnet mask are used, thus making these addresses all appear to be part of the same network for routing purposes. Any routers in use must also support CIDR and may require special configuration.
IP multicasting is used to provide efficient multicast services to clients that may not be located on the same network segment. Windows Sockets programs can join a multicast group. For more information, see the section "Using IP Multicasts with Windows Sockets Programs," later in this chapter.
Windows NT versions 4.0 and 3.5x are level-2 (send and receive) compliant with RFC 1112. IGMP is the protocol used to manage IP multicasting.