c


c  

 (c
) is the fourth revision in the development of the Internet
Protocol (IP) and it is the first version of the protocol to be widely deployed. Together with IPv6,
it is at the core of standards-based internetworking methods of the Internet, and is still by far the
most widely deployed Internet Layer protocol.

It is described in IETF publication RFC 791 (September 1981) which rendered obsolete RFC 760
(January 1980). The United States Department of Defense also standardized it as MIL-STD-
1777.

IPv4 is a data-oriented protocol to be used on a packet switched internetwork (e.g., Ethernet). It

is a best effort delivery protocol in that it does not guarantee delivery, nor does it assure proper
sequencing, or avoid duplicate delivery. These aspects are addressed by an upper layer protocol
(e.g. TCP, and partly by UDP). IPv4 does, however, provide data integrity protection through the
use of packet checksums.

  c 



  

BGP DHCP DNS FTP Gopher GTP HTTP IMAP IRC NNTP NTP POP RIP RPC
RTCP RTP RTSP SDP SIP SMTP SNMP SOAP SSH STUN Telnet TIME TLS/SSL
XMPP (more)

 

TCP UDP DCCP SCTP RSVP ECN (more)

c 

IP (c
, IPv6) ICMP ICMPv6 IGMP IPsec (more)

 

ARP RARP NDP OSPF Tunnels (L2TP)  Media Access Control (Ethernet, DSL, ISDN, FDDI) 
Device Drivers (more)

This box: view ‡ talk ‡ edit


[hide]
 i 1 Addressing
V 1.1 Address representations
V 1.2 Allocation
V 1.3 Private networks
V 1.4 Localhost
V 1.5 Addresses ending in 0 or 255
V 1.6 Address resolution
V 1.7 Exhaustion
i 2 Network address translation
i 3 Virtual private networks
i 4 Packet structure
V 4.1 Header
V 4.2 Data
i 5 Fragmentation and reassembly
V 5.1 Fragmentation
V 5.2 Reassembly
i 6 Assistive protocols
i 7 See also
i 8 References
i 9 External links

Ò !

Internet addressing growth map.

IPv4 uses 32-bit (four-byte) addresses, which limits the address space to 4,294,967,296 (232)
possible unique addresses. However, some are reserved for special purposes such as private
networks (~18 million addresses) or multicast addresses (~16 million addresses). This reduces
the number of addresses that can be allocated as public Internet addresses. As the number of
addresses available are consumed, an IPv4 address shortage appears to be inevitable, however
network address translation (NAT) has significantly delayed this inevitability.

This limitation has helped stimulate the push towards IPv6, which is currently in the early stages
of deployment and is currently the only contender to replace IPv4.

Ò 

IPv4 addresses are usually written in dot-decimal notation, which consists of the four octets of
the address expressed in decimal and separated by periods. This is the base format used in the
conversion in the following table:
 Ö "
# 
$% 


Dot-decimal ð


 N/A

notation

Dotted 

Each octet is individually converted to
Hexadecimal hexadecimal form

Dotted Octal 
 Each octet is individually converted into octal

Concatenation of the octets from the dotted

Hexadecimal 

hexadecimal

Decimal 

ð



ð The 32-bit number expressed in decimal

Octal ð The 32-bit number expressed in octal

Most of these formats should work in all browsers. Additionally, in dotted format, each octet can
be of any of the different bases. For example, ð


 is a valid (though
unconventional) equivalent to the above addresses.

A final form is not really a notation since it is rarely written in an ASCII string notation. That
form is a binary form of the hexadecimal notation in binary. This difference is merely the
representational difference between the string "0xCF8E83EB" and the 32-bit integer value
0xCF8E83EB. This form is used for assigning the source and destination fields in a software
program.

Ò 

 

Originally, an IP address was divided into two parts:

i Network ID: first octet

i Host ID: last three octets

This created an upper limit of 256 networks. As the networks began to be allocated, this was
soon seen to be inadequate.
To overcome this limit, different m
 of network were defined, in a system which later
became known as classful networking. Five classes were created (A, B, C, D, and E), three of
which (A, B, and C) had different lengths for the network field. The rest of an address was used
to identify a host within a network, which meant that each network class had a different
maximum number of hosts. Thus there were a few networks with each having many host
addresses and numerous networks with each only having a few host addresses. Class D was for
multicast addresses and Class E was reserved.

Around 1993, these classes were replaced with a Classless Inter-Domain Routing (CIDR)
scheme, and the previous scheme was dubbed "classful", by contrast. CIDR's primary advantage
is to allow re-division of Class-A, -B and -C networks so that smaller (or larger) blocks of
addresses may be allocated to various entities (such as Internet service providers, or their
customers) or local area networks.

The actual assignment of an address is not arbitrary. The fundamental principle of routing is that
the address of a device encodes information about the device's location within a network. This
implies that an address assigned to one part of a network will not function in another part of the
network. A hierarchical structure, created by CIDR and overseen by the Internet Assigned
Numbers Authority (IANA) and its Regional Internet Registries (RIRs), manages the assignment
of Internet addresses worldwide. Each RIR maintains a publicly-searchable WHOIS database
that provides information about IP address assignments; information from these databases plays
a central role in numerous tools that attempt to locate IP addresses geographically.


&
 

c'&
  '  $ 

0.0.0.0/8 Current network (only valid as source address) RFC 1700

10.0.0.0/8 Private network RFC 1918

14.0.0.0/8 Public data networks (per 2008-02-10, available for use[1]) RFC 1700

127.0.0.0/8 Loopback RFC 3330

128.0.0.0/16 Reserved (IANA) RFC 3330

169.254.0.0/16 Link-Local RFC 3927

172.16.0.0/12 Private network RFC 1918

191.255.0.0/16 Reserved (IANA) RFC 3330

192.0.0.0/24 Reserved (IANA) RFC 3330

192.0.2.0/24 Documentation and example code RFC 3330

192.88.99.0/24 IPv6 to IPv4 relay RFC 3068

192.168.0.0/16 Private network RFC 1918

198.18.0.0/15 Network benchmark tests RFC 2544

223.255.255.0/24 Reserved (IANA) RFC 3330

224.0.0.0/4 Multicasts (former Class D network) RFC 3171

240.0.0.0/4 Reserved (former Class E network) RFC 1700

255.255.255.255 Broadcast

Ò  
(

v

m  

 

Of the four billion addresses allowed in IPv4, four ranges of address are reserved for private
networking use only. These ranges are not routable outside of private networks, and private
machines cannot directly communicate with public networks. They can, however, do so through
network address translation.
The following are the four ranges reserved for private networks:

Ö#&$ !c'

Ö ! °
  
 &
 

24-bit 10.0.0.0±
16,777,216 Single Class A 10.0.0.0/8
block 10.255.255.255

20-bit 172.16.0.0± 16 contiguous Class B

1,048,576 172.16.0.0/12
block 172.31.255.255 blocks

16-bit 169.254.0.0±
65,536 Single Class B 169.254.0.0/16
block 169.254.255.255

16-bit 192.168.0.0± Contiguous range of 256

65,536 192.168.0.0/16
block 192.168.255.255 class C blocks

The ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are reserved for private networking by
RFC 1918, while the 169.254.0.0/16 range is reserved for Link-Local addressing as defined in
RFC 3927.

Ò  


v

m   m
 

The address range 127.0.0.0±127.255.255.255 (127.0.0.0/8 in CIDR notation) is reserved for

localhost communication. Addresses within this range should never appear outside a host
computer and packets sent to this address are returned as an incoming packets on the same
virtual network device (known as loopback).

Ò !)**

v

m  m

It is a common misunderstanding that addresses ending in 255 or 0 can never be assigned to

hosts. This is only true of networks with subnet masks of at least 24 bits ² Class C networks in
the old classful addressing scheme, or in CIDR, networks with masks of (  to (
(or
255.255.255.0±255.255.255.255).
In classful addressing (now obsolete with the advent of CIDR), there are only three possible
subnet masks: Class A, 255.0.0.0 or /8; Class B, 255.255.0.0 or /16; and Class C, 255.255.255.0
or /24. For example, in the subnet 192.168.5.0/255.255.255.0 (or 192.168.5.0/24) the identifier
192.168.5.0 refers to the entire subnet, so it cannot also refer to an individual device in that
subnet.

A broadcast address is an address that allows information to be sent to all machines on a given
subnet, rather than a specific machine. Generally, the broadcast address is found by obtaining the
bit complement of the subnet mask and performing a bitwise OR operation with the network
identifier. In other words, the broadcast address is the last address in the range belonging to the
subnet. In our example, the broadcast address would be 192.168.5.255, so to avoid confusion this
address also cannot be assigned to a host. On a Class A, B, or C subnet, the broadcast address
always ends in 255.

However, this does not mean that every addresses ending in 255 cannot be used as a host
address. For example, in the case of a Class B subnet 192.168.0.0/255.255.0.0 (or
192.168.0.0/16), equivalent to the address range 192.168.0.0±192.168.255.255, the broadcast
address is 192.168.255.255. However, one can assign 192.168.1.255, 192.168.2.255, etc. (though
this can cause confusion). Also, 192.168.0.0 is the network identifier and so cannot be assigned,
but 192.168.1.0, 192.168.2.0, etc. can be assigned (though this can also cause confusion).

With the advent of CIDR, broadcast addresses do not necessarily end with 255.

In general, the first and last addresses in a subnet are used as the network identifier and broadcast
address, respectively. All other addresses in the subnet can be assigned to hosts on that subnet.

Ò 

#

v

m   



Hosts on the Internet are usually known not by IP addresses, but by names (e.g.,
www.wikipedia.org, www.whitehouse.gov, www.freebsd.org, www.berkeley.edu). The routing
of IP packets across the Internet is not directed by such names, but by the numeric IP addresses
assigned to such domain names. This requires translating (or resolving) domain names to
addresses.

The Domain Name System (DNS) provides such a system for converting names to addresses and
addresses to names. Much like CIDR addressing, the DNS naming is also hierarchical and allows
for subdelegation of name spaces to other DNS servers.

The domain name system is often described in analogy to the telephone system directory
information systems in which subscriber names are translated to telephone numbers.

Ò +,#

v

m  

 
Since the 1980s it has been apparent that the number of available IPv4 addresses is being
exhausted at a rate that was not initially anticipated in the design of the network. This was the
driving factor for the introduction of classful networks, for the creation of CIDR addressing, and
finally for the redesign of the Internet Protocol, based on a larger address format (IPv6).

Today, there are several driving forces for the acceleration of IPv4 address exhaustion:

i Mobile devices ² laptop computers, PDAs, mobile phones

i Always-on devices ² ADSL modems, cable modems
i Rapidly growing number of Internet users

The accepted and standardized solution is the migration to IPv6. The address size jumps
dramatically from 32 bits to 128 bits, providing a vastly increased address space that allows
improved route aggregation across the Internet and offers large subnet allocations of a minimum
of 264 host addresses to end-users. Migration to IPv6 is in progress but is expected to take
considerable time.

Methods to mitigate the IPv4 address exhaustion are:

i Network address translation (NAT)

i Use of private networks
i Dynamic Host Configuration Protocol (DHCP)
i Name-based virtual hosting
i Tighter control by Regional Internet Registries on the allocation of addresses to Local
Internet Registries
i Network renumbering to reclaim large blocks of address space allocated in the early days
of the Internet

As of April 2008, predictions of exhaustion date of the unallocated IANA pool seem to converge
to between February 2010[2] and May 2011[3]

Ò Ö(


v

m   


 

One method to increase both address utilization and security is to use network address translation
(NAT). With NAT, assigning one address to a public machine as an internet gateway and using a
private network for an organization's computers allows for considerable address savings. This
also increases security by making the computers on a private network not directly accessible
from the public network.

Ò "#


(
v

m  


 
Since private address ranges are deliberately ignored by all public routers, it is not normally
possible to connect two private networks (e.g., two branch offices) via the public Internet.
Virtual private networks (VPNs) solve this problem.

VPNs work by inserting an IP packet (encapsulated packet) directly into the data field of another
IP packet (encapsulating packet) and using a publicly routable address in the encapsulating
packet. Once the VPN packet is routed across the public network and reaches the endpoint, the
encapsulated packet is extracted and then transmitted on the private network just as if the two
private networks were directly connected.

Optionally, the encapsulated packet can be encrypted to secure the data while it travels over the
public network (see VPN article for more details).

Ò   # #

An IP packet consists of a header section and a data section.

Ò -

The header consists of 13 fields, of which only 12 are required. The 13th field is optional (red
background in table) and aptly named: options. The fields in the header are packed with the most
significant byte first (big endian), and for the diagram and discussion, the most significant bits
are considered to come first. The most significant bit is numbered 0, so the version field is
actually found in the four most significant bits of the first byte, for example.

. /)01 02 30* 403 501

Type of Service
Header
) Version (now DiffServ and Total Length
length
ECN)

1 Identification Flags Fragment Offset

4 Time to Live Protocol Header Checksum

54 Source Address

3 Destination Address

4) Options

4)
 Data
5.

Version
The first header field in an IP packet is the four-bit version field. For IPv4, this has a
value of 4 (hence the name IPv4).
Internet Header Length (IHL)
The second field (4 bits) is the Internet Header Length (IHL) telling the number of 32-bit
words in the header. Since an IPv4 header may contain a variable number of options, this
field specifies the size of the header (this also coincides with the offset to the data). The
minimum value for this field is 5 (RFC 791), which is a length of 5×32 = 160 bits. Being
a 4-bit value, the maximum length is 15 words or 480 bits.
Type of Service (TOS)
In RFC 791, the following eight bits were allocated to a Type of Service (TOS) field:

i bits 0±2: Precedence (111 - Network Control, 110 - Internetwork Control, 101 -
CRITIC/ECP, 100 - Flash Override, 011 - Flash, 010 - Immediate, 001 - Priority,
000 - Routine)
i bit 3: 0 = Normal Delay, 1 = Low Delay
i bit 4: 0 = Normal Throughput, 1 = High Throughput
i bit 5: 0 = Normal Reliability, 1 = High Reliability
i bits 6±7: Reserved for future use

This field is now used for DiffServ and ECN. The original intention was for a sending
host to specify a preference for how the datagram would be handled as it made its way
through an internet. For instance, one host could set its IPv4 datagrams' TOS field value
to prefer low delay, while another might prefer high reliability. In practice, the TOS field
has not been widely implemented. However, a great deal of experimental, research and
deployment work has focused on how to make use of these eight bits. These bits have
been redefined, most recently through DiffServ working group in the IETF and the
Explicit Congestion Notification codepoints (see RFC 3168). New technologies are
emerging that require real-time data streaming and therefore will make use of the TOS
field. An example is Voice over IP (VoIP) that is used for interactive data voice
exchange.
Total Length
This 16-bit field defines the entire datagram size, including header and data, in bytes. The
minimum-length datagram is 20 bytes (20-byte header + 0 bytes data) and the maximum
is 65,535 ² the maximum value of a 16-bit word. The minimum size datagram that any
host is 6# to be able to handle is 576 bytes, but most modern hosts handle much
larger packets. Sometimes subnetworks impose further restrictions on the size, in which
 case datagrams must be fragmented. Fragmentation is handled in either the host or packet
switch in IPv4 (

 

 ).
Identification
This field is an identification field and is primarily used for uniquely identifying
fragments of an original IP datagram. Some experimental work has suggested using the
ID field for other purposes, such as for adding packet-tracing information to datagrams in
order to help trace back datagrams with spoofed source addresses.
Flags
A three-bit field follows and is used to control or identify fragments. They are (in order,
from high order to low order):

i Reserved; must be zero. As an April Fools joke, proposed for use in RFC 3514 as
the "Evil bit".
i Don't Fragment (DF)
i More Fragments (MF)

If the DF flag is set and fragmentation is required to route the packet then the packet will
be dropped. This can be used when sending packets to a host that does not have sufficient
resources to handle fragmentation.
When a packet is fragmented all fragments have the MF flag set except the last fragment,
which does not have the MF flag set. The MF flag is also not set on packets that are not
fragmented ² an unfragmented packet is its own last fragment.
Fragment Offset
The fragment offset field, measured in units of eight-byte blocks, is 13 bits long and
specifies the offset of a particular fragment relative to the beginning of the original
unfragmented IP datagram. The first fragment has an offset of zero. This allows a
maximum offset of (213 ± 1) × 8 = 65,528 which would exceed the maximum IP packet
length of 65,535 with the header length included.
Time To Live (TTL)
An eight-bit time to live (TTL) field helps prevent datagrams from persisting (e.g. going
in circles) on an internet. This field limits a datagram's lifetime. It is specified in seconds,
but time intervals less than 1 second are rounded up to 1. In latencies typical in practice,
it has come to be a hop count field. Each packet switch (or router) that a datagram crosses
decrements the TTL field by one. When the TTL field hits zero, the packet is no longer
forwarded by a packet switch and is discarded. Typically, an ICMP message (specifically
the time exceeded) is sent back to the sender that it has been discarded. The reception of
these ICMP messages is at the heart of how traceroute works.
Protocol
This field defines the protocol used in the data portion of the IP datagram. The Internet
Assigned Numbers Authority maintains a list of Protocol numbers and were originally
defined in RFC 790. Common protocols and their decimal values are shown below (


).
Header Checksum
The 16-bit checksum field is used for error-checking of the header. At each hop, the
checksum of the header must be compared to the value of this field. If a header checksum
is found to be mismatched, then the packet is discarded. Note that errors in the data field
 are up to the encapsulated protocol to handle ² indeed, both UDP and TCP have
checksum fields.
Since the TTL field is decremented on each hop and fragmentation is possible at each
hop then at each hop the checksum will have to be recomputed. The method used to
compute the checksum is defined within RFC 791:

mm  !" #m 
  #m 
 
 !"
 
$ 

 m 
mm%
 
mm & $
In other words, all 16-bit words are summed together using one's complement (with the
checksum field set to zero). The sum is then one's complemented and this final value is
inserted as the checksum field.
Source address
An IPv4 address is a group of four eight-bit octets for a total of 32 bits. The value for this
field is determined by taking the binary value of each octet and concatenating them
together to make a single 32-bit value.
For example, the address 10.9.8.7 (00001010.00001001.00001000.00000111 in binary)
would be 00001010000010010000100000000111.
This address is the address of the sender of the packet. Note that this address may not be
the "true" sender of the packet due to network address translation. Instead, the source
address will be translated by the NATing machine to its own address. Thus, reply packets
sent by the receiver are routed to the NATing machine, which translates the destination
address to the original sender's address.
Destination address
Identical to the source address field but indicates the receiver of the packet.
Options
Additional header fields may follow the destination address field, but these are not often
used. Note that the value in the IHL field must include enough extra 32-bit words to hold
all the options (plus any padding needed to ensure that the header contains an integral
number of 32-bit words). The list of options may be terminated with an EOL (End of
Options List, 0x00) option; this is only necessary if the end of the options would not
otherwise coincide with the end of the header. The possible options that can be put in the
header are as follows:

78

 ' 
&

Set to 1 if the options need to be copied into all fragments of a

 1
fragmented packet.

9 A general options category. 0 is for "m  " options, and 2 is for
2

 "

". 1, and 3 are reserved.
9
5 Specifies an option.
Ö#&

9 Indicates the size of the entire option (including this field). This field
8
! may not exist for simple options.

9' Variable Option-specific data. This field may not exist for simple options.

i Note: the Copied, Option Class, and Option Number are sometimes referred to as a single
eight-bit field - the ]
 

.

The use of the LSRR and SSRR options (Loose and Strict Source and Record Route) is
discouraged because they create security concerns; many routers block packets
containing these options.[m
 ]

Ò '

The last field is not a part of the header and, consequently, not included in the checksum field.
The contents of the data field are specified in the protocol header field and can be any one of the
transport layer protocols.

Some of the most commonly used protocols are listed below including their value used in the
protocol field:

i 1: Internet Control Message Protocol (ICMP)

i 2: Internet Group Management Protocol (IGMP)
i 6: Transmission Control Protocol (TCP)
i 17: User Datagram Protocol (UDP)
i 89: Open Shortest Path First (OSPF)
i 132: Stream Control Transmission Protocol (SCTP)

See List of IP protocol numbers for a complete list.

Ò !&


v

m  

 

To make IPv4 more tolerant of different networks the concept of fragmentation was added so
that, if necessary, a device could break up the data into smaller pieces. This is necessary when
the maximum transmission unit (MTU) is smaller than the packet size.
For example, the maximum size of an IP packet is 65,535 bytes while the typical MTU for
Ethernet is 1,500 bytes. Since the IP header consumes 20 bytes (without options) of the 1,500
bytes leaving 1,480 bytes of IP data per Ethernet frame (this leads to an MTU for IP of 1,480
bytes). Therefore, a 65,535-byte data payload (including 20 bytes of header information) would
require 45 packets (65535-20)/1480 = 44.27, rounded up to 45.

The reason fragmentation was chosen to occur at the IP layer is that IP is the first layer that
connects hosts instead of machines. If fragmentation were performed on higher layers (TCP,
UDP, etc.) then this would make fragmentation/reassembly redundantly implemented (once per
protocol); if fragmentation were performed on a lower layer (Ethernet, ATM, etc.) then this
would require fragmentation/reassembly to be performed on each hop (could be quite costly) and
redundantly implemented (once per link layer protocol). Therefore, the IP layer is the most
efficient one for fragmentation.

Ò !

When a device receives an IP packet it examines the destination address and determines the
outgoing interface to use. This interface has an associated MTU that dictates the maximum data
size for its payload. If the MTU is smaller than the data size then the device must fragment the
data.

The device then segments the data into segments where each segment is less-than-or-equal-to the
MTU less the IP header size (20 bytes minimum; 60 bytes maximum). Each segment is then put
into its own IP packet with the following changes:

i The  
  field will be adjusted to the segment size

i The  
 (MF) flag is set for all segments except the last one, that would be
set to 0
i The 
  field is set accordingly based on the offset of the segment in the
original data payload. This is measured in units of eight-byte blocks.

For example, for an IP header of length 20 bytes and an Ethernet MTU of 1,500 bytes the
fragment offsets would be: 0, (1480/8) = 185, (2960/8) = 370, (4440/8) = 555, (5920/8) = 740,
etc.

By some chance if a packet changes link layer protocols or the MTU reduces then these
fragments would be fragmented again. For example, if a 4,500-byte data payload is inserted into
an IP packet with no options (thus total length is 4,520 bytes) and is transmitted over a link with
an MTU of 2,500 bytes then it will be broken up into two fragments:



!
:$!:
š !$$
$
!;
- '
 2500
1 Yes 0
20 2480

2040
2 No 310
20 2020

Now, let's say the MTU drops to 1,500 bytes. Each fragment will individually be split up into
two more fragments each:



!
:$!:
š !$$
$
!;
- '

1500
1 Yes 0
20 1480

1020
2 Yes 185
20 1000

1500
3 Yes 310
20 1480

4 560 No 495
 20 540

Indeed, the amount of data has been preserved ² 1480 + 1000 + 1480 + 540 = 4500 ² and the
last fragment offset plus data ² 3960 + 540 = 4500 ² is also the total length.

Note that fragments 3 & 4 were derived from the original fragment 2. When a device must
fragment the last fragment then it must set the flag for all but the last fragment it creates
(fragment 4 in this case). Last fragment would be set to 0 value.

Ò &



When a receiver detects an IP packet where either of the following is true:

i "more fragments" flag set

i "fragment offset" field is non-zero

then the receiver knows the packet is a fragment. The receiver then stores the data with the
identification field, fragment offset, and the more fragments flag. When the receiver receives a
fragment with the more fragments flag set to 0 then it knows the length of the original data
payload since the fragment offset plus the data length is equivalent to the original data payload
size.

Using the example above, when the receiver receives fragment 4 the fragment offset (495 or
3960 bytes) and the data length (540 bytes) added together yield 4500 ² the original data length.

Once it has all the fragments then it can reassemble the data in proper order (by using the
fragment offsets) and pass it up the stack for further processing.

Ò 
 

The Internet Protocol is the protocol that defines and enables internetworking at the Internet
Layer and thus forms the Internet. It uses a logical addressing system. IP addresses are not tied in
any permanent manner to hardware identifications and, indeed, a network interface can have
multiple IP addresses. Hosts and routers need additional mechanisms to identify the relationship
between device interfaces and IP addresses, in order to properly deliver an IP packet to the
destination host on a link. The Address Resolution Protocol (ARP) perform this IP address to
hardware address (MAC address) translation for IPv4. In addition the reverse correlation is often
necessary, for example, when an IP host is booted or connected to a network it needs to
determine its IP address, unless an address is preconfigured by an administrator. Protocols for
such inverse correlations exist in the Internet Protocol Suite. Currently used methods are
Dynamic Host Configuration Protocol (DHCP) and, infrequently, inverse ARP.