IP header

The IP header is the prefixed segment of control information in an Internet Protocol (IP) datagram that enables routing, addressing, fragmentation, and delivery across interconnected packet-switched networks.^[1] It precedes the payload data and varies between IP versions, with the IPv4 header providing a variable-length structure for legacy compatibility and the IPv6 header offering a fixed-length format for enhanced efficiency and scalability.^[1]^[2] In IPv4, defined in the original Internet Protocol specification, the header consists of a minimum 20-octet fixed portion followed by optional fields and padding to align on 32-bit boundaries.^[1] Key fields include the 4-bit Version (set to 4), 4-bit Internet Header Length (IHL, indicating header size in 32-bit words), 8-bit Type of Service for quality-of-service parameters, 16-bit Total Length of the datagram, 16-bit Identification for fragment reassembly, 3-bit Flags and 13-bit Fragment Offset for fragmentation control, 8-bit Time to Live (TTL) to prevent infinite loops, 8-bit Protocol to identify the next-layer protocol (e.g., TCP or UDP), 16-bit Header Checksum for integrity verification, and 32-bit Source and Destination Addresses.^[1] Optional fields, such as security or source routing, allow for additional functionality but increase processing overhead.^[1] The IPv6 header, introduced to address IPv4 limitations like address exhaustion and header complexity, is a streamlined 40-octet fixed-length structure without options in the base header; instead, it uses chained extension headers for optional features.^[2] Its fields comprise a 4-bit Version (set to 6), 8-bit Traffic Class for prioritization, 20-bit Flow Label for handling packet flows, 16-bit Payload Length (covering data and extension headers), 8-bit Next Header (indicating the subsequent header type, including extensions), 8-bit Hop Limit (analogous to TTL, decremented per hop), and 128-bit Source and Destination Addresses to support vastly expanded addressing space.^[2] This design reduces router processing time and improves forwarding efficiency in modern networks.^[2] The evolution from IPv4 to IPv6 headers reflects broader Internet growth, with IPv6 adoption driven by the need for more addresses and simplified processing, while both versions provide best-effort datagram delivery in the TCP/IP suite.^[1]^[2] Extension headers in IPv6, such as those for authentication or routing, maintain flexibility without bloating the base header.^[2]

Overview

Definition and Role

The IP header serves as the initial segment of an IP datagram, encapsulating essential metadata that governs the packet's handling, routing, and delivery within the Internet Protocol (IP) suite. This header precedes the actual data payload and includes critical control information that enables the network layer to manage transmission across interconnected systems without relying on higher-layer details.^[1]^[2] Its primary roles encompass source and destination addressing to direct packets to their intended endpoints, fragmentation control to accommodate varying network path maximum transmission units by allowing packets to be divided and reassembled, a time-to-live (TTL) or hop limit field to decrement at each forwarding node and prevent routing loops by discarding packets that exceed a safe hop count, and protocol identification to specify the upper-layer protocol (such as TCP or UDP) carried in the payload for proper demultiplexing at the destination.^[1]^[2] By confining all routing and forwarding decisions to the header fields, the IP header enables intermediate routers to process and relay packets efficiently across diverse networks without examining or interpreting the payload content, thus maintaining modularity and scalability in IP-based communications.^[1]^[2] IP headers are mandatory components of every IP packet, with their size varying based on the protocol version—principally IPv4 or IPv6—and the inclusion of optional extensions or fields.^[1]^[2]

Historical Context

The development of the IP header began in the 1970s as part of the ARPANET project, sponsored by the U.S. Department of Defense's Advanced Research Projects Agency (DARPA), which laid the groundwork for modern internetworking through the creation of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite.^[3] Early efforts focused on enabling reliable communication across packet-switched networks, with the initial specification of the Internet Protocol (IPv4) header formalized in RFC 791 in September 1981 by Jon Postel on behalf of DARPA and the University of Southern California's Information Sciences Institute.^[1] This document built upon six prior iterations of ARPA Internet Protocol designs, transitioning from the Network Control Protocol (NCP) used in ARPANET since 1969.^[1] The IPv4 header was motivated by the need for a simple, extensible structure to facilitate datagram transmission in heterogeneous networks, where diverse hardware and protocols required minimal overhead for internetworking.^[1] Its design drew influences from earlier ARPANET protocols, such as the Interface Message Processor (IMP) system and the 1822 host-IMP communication procedure, which emphasized packet forwarding without end-to-end reliability guarantees.^[1] Key principles included a lean header format—minimum 20 octets—to support high-speed routing with low processing demands, incorporating fields for addressing, fragmentation, and time-to-live while allowing optional extensions for future adaptability.^[1] A major milestone came with the introduction of the IPv6 header in RFC 2460, published in December 1998 by the Internet Engineering Task Force (IETF), led by Steve Deering and Robert Hinden, as a successor to IPv4 to address impending address space exhaustion from the 32-bit limit.^[4] This specification was obsoleted in July 2017 by RFC 8200, which advanced IPv6 to full Internet Standard status with clarifications while preserving the core header design.^[2] The evolution aimed to expand addressing to 128 bits for supporting vastly more devices and hierarchical structures, while simplifying the header to reduce processing overhead and bandwidth usage by removing or optionalizing several IPv4 fields.^[4] The changes prioritized efficiency in large-scale, high-performance networks, enabling features like flow labeling for quality-of-service handling without compromising extensibility through chained extension headers.^[4]

IPv4 Header

Format and Length

The IPv4 header has a variable length, with a minimum of 20 octets (160 bits) for the fixed portion, and can extend up to 60 octets when optional fields are included.^[1] The actual length is indicated by the 4-bit Internet Header Length (IHL) field, which specifies the header size in 32-bit words (minimum value of 5, corresponding to 20 octets).^[1] This design allows for flexibility through optional fields but requires parsing to determine the exact size, unlike fixed-length headers in later protocols.^[1] The header is structured as a sequence of 32-bit words, with the fixed portion comprising 12 such words (20 octets total). Optional fields follow the fixed portion and can include features like security or source routing, formatted as type-length-value (TLV) entries: a 1-octet type field (with a copied flag, class, and number) optionally followed by a 1-octet length and data.^[1] Padding, consisting of zero bits, is added as needed to ensure the header ends on a 32-bit boundary, facilitating efficient processing in hardware.^[1] This alignment promotes compatibility with word-oriented architectures but can increase overhead if options are present.^[1] The variable format was chosen to balance extensibility with basic functionality in the original Internet Protocol design, enabling additional control without mandating support for all options in every implementation.^[1] The total datagram length, including header and payload, is explicitly encoded in the 16-bit Total Length field, supporting packets up to 65,535 octets.^[1]

Field Descriptions

The IPv4 header includes a fixed set of fields in the base 20-octet portion, followed by optional fields, providing essential routing and delivery information while supporting fragmentation and quality-of-service hints.^[1] Unlike later protocols, it incorporates a header checksum and fragmentation details directly in the base structure. The Version field is 4 bits long and indicates the IP version, set to 4 for IPv4 datagrams to identify the header format.^[1] The Internet Header Length (IHL) field is 4 bits and specifies the length of the header in 32-bit words, ranging from 5 (20 octets) to 15 (60 octets), accounting for any options and padding.^[1] The Type of Service (ToS) field is 8 bits and provides quality-of-service parameters, originally including 3 bits for precedence, 4 bits for delay, throughput, reliability, and cost (with 1 bit reserved), though modern usage often aligns with Differentiated Services (DS) for traffic prioritization.^[1] The Total Length field is 16 bits and represents the entire datagram length in octets, from the start of the header to the end of the payload (maximum 65,535 octets).^[1] The Identification field is 16 bits and assigns a unique value to datagrams that may be fragmented, aiding reassembly at the destination.^[1] The Flags field is 3 bits (part of a 16-bit word with Fragment Offset): bit 0 is reserved (must be zero), bit 1 is the Don't Fragment (DF) flag to prevent fragmentation, and bit 2 is the More Fragments (MF) flag indicating additional fragments follow.^[1] The Fragment Offset field is 13 bits and indicates the position of this fragment in the original datagram, measured in 8-octet units.^[1] The Time to Live (TTL) field is 8 bits and decrements by at least one at each router to prevent routing loops, with the datagram discarded if it reaches zero (maximum initial value of 255).^[1] The Protocol field is 8 bits and identifies the upper-layer protocol (e.g., 6 for TCP, 17 for UDP) to which the payload should be delivered, as defined in the assigned numbers registry.^[1] The Header Checksum field is 16 bits and contains a one's complement checksum computed over the header fields for error detection; it is recalculated at each hop due to TTL changes.^[1] The Source Address and Destination Address fields are each 32 bits, holding the IPv4 addresses of the sender and intended receiver, respectively, enabling routing across networks.^[1] Optional fields, if present, provide extended capabilities such as loose or strict source routing, record route, or timestamps, but their use is deprecated in many modern networks due to security and performance concerns.^[1]

IPv6 Header

Format and Length

The IPv6 header features a fixed length of 40 bytes, equivalent to 320 bits, which excludes any variable options to ensure consistent processing across networks.^[2] This design choice simplifies header parsing compared to earlier protocols, as the constant size eliminates the need to scan for variable-length fields during transmission.^[2] The header's layout consists of eight fields of varying lengths totaling 320 bits, arranged in a linear, 32-bit word-aligned structure, promoting efficient hardware implementation by allowing routers to process packets in fixed increments without variable offsets.^[2] Multi-octet fields are aligned on their natural boundaries, further optimizing performance in high-speed networks.^[2] When additional functionality is required, extension headers can be chained after the base header, but the core structure remains invariant.^[2] This streamlined format was developed to enhance hardware efficiency, reducing the computational overhead for routers and enabling faster packet forwarding.^[2] The total packet size is 40 octets plus the Payload Length field value (which includes any extension headers and upper-layer data); for jumbo payloads, indicated by a Payload Length of zero, the actual length is specified in the Jumbo Payload option of a Hop-by-Hop Options extension header.^[2]

Field Descriptions

The IPv6 header consists of eight fixed fields, designed for simplicity and efficiency compared to the variable-length IPv4 header, eliminating elements like the header checksum and fragmentation fields in the base header.^[2] The Version field is 4 bits long and specifies the Internet Protocol version number, set to 6 for IPv6 packets to distinguish them from other IP versions.^[2] The Traffic Class field occupies 8 bits and serves a role analogous to the Type of Service (ToS) field in IPv4, enabling quality of service (QoS) differentiation for traffic management, such as prioritizing certain packets based on delay or throughput requirements.^[2]^[5] The Flow Label field is 20 bits wide and allows a source to label sequences of packets belonging to the same flow, facilitating special handling by routers, such as applying consistent QoS policies or real-time processing to traffic streams without relying on deep packet inspection.^[2]^[6] This feature simplifies flow identification in IPv6, reducing overhead compared to IPv4's lack of a dedicated mechanism. The Payload Length field is a 16-bit unsigned integer indicating the length of the IPv6 payload in octets, including any extension headers but excluding the base header itself; a value of zero signifies a jumbo payload, where the actual length is determined via a Hop-by-Hop Options extension header, supporting packets larger than 65,535 octets.^[2] The Next Header field uses 8 bits to identify the type of the header immediately following the IPv6 base header, which could be an extension header, an upper-layer protocol (e.g., TCP or UDP), or the payload itself; this enables a chain of headers, a streamlined approach absent in IPv4's single Protocol field.^[2] The Hop Limit field is 8 bits and functions equivalently to the Time to Live (TTL) in IPv4, decremented by one at each forwarding node to prevent infinite loops, with the packet discarded if it reaches zero.^[2] The Source Address and Destination Address fields each span 128 bits, accommodating the expanded IPv6 addressing scheme defined in RFC 4291, which provides a vastly larger address space than IPv4's 32-bit addresses.^[2]^[7]

Extensions and Options

IPv4 Options

The IPv4 options field is a variable-length extension that follows the fixed 20-byte header, allowing for additional control information while ensuring the total header length does not exceed 60 bytes; any unused space after the options is filled with padding bytes (zeros) to align the header on a 32-bit boundary.^[1] This placement is indicated by the Internet Header Length (IHL) field in the fixed header, which specifies the header size in 32-bit words.^[1] The options provide flexibility for specialized functions but are limited to a maximum of 40 bytes to avoid excessive overhead.^[1] Options are encoded in a type-length-value (TLV) format, where each option begins with an 8-bit type field, followed by an optional 8-bit length field (for multi-byte options) and the value data; single-byte options omit the length and value fields.^[1] The type field consists of a 1-bit copied flag (indicating whether the option is copied into fragments), a 2-bit class (00 for control, 01 reserved for future use, 10 for debugging and measurement, 11 reserved for future use), and a 5-bit option number.^[1] Control options include the End of Options (type 0), a single byte that terminates the options list, and No Operation (type 1), a single byte used for alignment without affecting processing.^[1] Multi-byte options, such as Record Route (type 7), record the IP addresses of routers traversed by the datagram in its value field (up to nine 32-bit slots), while Timestamp (type 68) appends both route addresses and timestamps for performance measurement.^[1] In practice, IPv4 options are rarely used due to the significant processing overhead they impose on routers, which must parse variable-length fields in the fast path, potentially leading to denial-of-service vulnerabilities through resource exhaustion.^[8] For instance, source routing options like Loose Source and Record Route (type 131) and Strict Source and Record Route (type 137), which allow the sender to specify intermediate routes, have been deprecated in many networks because they enable traffic redirection, network reconnaissance, and bypassing of security controls; additionally, RFC 6814 formally deprecates several obsolete IPv4 options.^[8]^[9] These options require routers to modify the packet and forward it accordingly, increasing latency and CPU load compared to standard forwarding.^[10] The variable nature of options introduces security risks, particularly from malformed or oversized options that can trigger buffer overflows, infinite parsing loops, or improper handling of padding bytes, as implementations must validate lengths and offsets to prevent crashes or information leaks.^[11] For example, if an option's length field points beyond the header boundary, the packet should be dropped to avoid exploitation, but historical vulnerabilities have arisen from inadequate checks during variable parsing.^[11] Modern recommendations include rate-limiting or filtering packets with options at network edges to mitigate these risks while preserving functionality for legitimate uses like experimental protocols.^[8]

Option Type	Class	Copied Flag	Description	Example Usage
0 (End of Options)	Control (00)	No (0)	Terminates the options list; single byte.	Ensures proper parsing end.^[1]
1 (No Operation)	Control (00)	No (0)	Pads for 32-bit alignment; single byte.	Aligns multi-byte options.^[1]
7 (Record Route)	Control (00)	No (0)	Records router IP addresses en route.	Debugging network paths.^[1]
68 (Timestamp)	Measure (10)	No (0)	Records timestamps and optionally IPs.	Measuring round-trip times.^[1]
131 (Loose Source Route)	Control (00)	Yes (1)	Specifies loose route pointers; deprecated in many contexts.	Sender-directed routing (limited use).^[8]

IPv6 Extension Headers

IPv6 extension headers provide a modular mechanism for including optional information in IPv6 packets, inserted between the base IPv6 header and the upper-layer protocol header. Unlike the base header, which is fixed at 40 octets, extension headers are chained together using the Next Header field in the preceding header, which specifies the type of the subsequent header (e.g., 0 for Hop-by-Hop Options or 43 for Routing). This chaining allows intermediate nodes to process only the relevant headers without examining the entire packet, enhancing forwarding efficiency. Each extension header ends by pointing to the next one or the upper-layer header, ensuring sequential processing.^[2] The primary types of IPv6 extension headers include:

Hop-by-Hop Options: Processed by every IPv6 node along the path.
Destination Options (first set): Processed by the destination node or intermediate nodes as specified.
Routing: Specifies a list of intermediate nodes to forward the packet.
Fragment: Handles fragmentation of IPv6 packets.
Authentication Header (AH): Provides authentication for IPsec, as defined in RFC 4302.
Encapsulating Security Payload (ESP): Provides confidentiality, data origin authentication, and integrity for IPsec, as defined in RFC 4303.
Destination Options (second set): Additional options processed only at the final destination.

A second Destination Options header may appear after security headers to allow options that must be processed after authentication or encryption. These headers support native IPsec integration without requiring separate transport, unlike IPv4's approach.^[2] Extension headers use a Type-Length-Value (TLV) encoding format for their options, where each option consists of an 8-bit Option Type, an 8-bit Option Data Length, and variable-length Option Data. The Option Type's highest-order two bits indicate processing actions (e.g., skip if unrecognized), while the third-highest bit marks whether the option data is mutable (changeable en route) or immutable. Headers are aligned to 8-octet boundaries for efficient parsing. Processing occurs in a fixed order to avoid issues like fragmentation: IPv6 base header, Hop-by-Hop Options, Destination Options (first), Routing, Fragment, AH, ESP, Destination Options (second), and finally the upper-layer header. Mutable fields are zeroed during authentication computations to handle potential in-transit changes.^[2] This design improves upon IPv4 options by encoding them more efficiently, imposing fewer length limits, and offering greater flexibility for future extensions, while allowing optional processing only when headers are present.^[2]

Key Differences and Evolution

Structural Changes

The IPv6 header represents a fundamental redesign from its IPv4 predecessor, focusing on simplicity, scalability, and efficiency in core architecture. Unlike the IPv4 header, which varies in length from a minimum of 20 bytes to a maximum of 60 bytes due to optional fields and padding, the IPv6 header employs a fixed 40-byte structure to eliminate variability and streamline baseline processing across network devices.^[1]^[2] This fixed size removes the need for length indicators, contributing to more predictable and rapid header parsing in routers and switches. A central shift is the expansion of addressing capabilities: IPv4 uses 32-bit source and destination addresses, limiting the global address pool to approximately 4.3 billion unique identifiers, whereas IPv6 employs 128-bit addresses to support an exponentially larger space of about 3.4 × 10^38 addresses, addressing the exhaustion of IPv4 allocations.^[1]^[2] To alleviate processing burdens on intermediate network elements, IPv6 relocates several functions from the base header that were integral to IPv4. In IPv4, fragmentation details—including a 16-bit identification field, 3-bit flags (such as Don't Fragment and More Fragments), and a 13-bit fragment offset—are embedded directly in the header, enabling routers to fragment packets en route. IPv6, by contrast, prohibits router fragmentation entirely, confining it to source endpoints via optional extension headers like the Fragment Header, which reduces per-packet computations in the forwarding path.^[1]^[2] Likewise, the 16-bit header checksum in IPv4, which requires recalculation at every hop to detect transmission errors, is omitted in IPv6; error checking is deferred to link-layer mechanisms and transport-layer protocols such as TCP, further minimizing overhead during transit.^[1]^[2] Underpinning these modifications is a design philosophy that prioritizes high-speed forwarding and long-term scalability over the flexibility of legacy features. IPv6 eliminates fields like the 4-bit Internet Header Length (IHL) from IPv4, which denoted variable header sizes in 32-bit word units, and shifts optional capabilities—previously handled via the IPv4 Options field—from the base header to chained extension headers that can be processed only when needed.^[1]^[2] This approach simplifies packet inspection, enabling hardware-accelerated processing with reduced complexity and fewer operational cycles compared to IPv4 headers that include options, thereby supporting higher throughput in modern networks.^[2]

Implications for Networking

The evolution of the IP header from IPv4 to IPv6 has significantly enhanced network performance by streamlining packet processing. IPv6's fixed 40-byte header length eliminates the variable-length parsing required in IPv4, which can include options up to 40 bytes, allowing routers to perform faster lookups and forwarding without checksum recalculation for most fields. This simplification reduces CPU overhead on forwarding engines, as evidenced by modern router architectures where IPv6 processing bypasses complex header inspections, leading to lower latency in high-throughput environments.^[12] Overall, these changes contribute to more efficient routing and potentially lower processing times in optimized hardware.^[13] Compatibility between IPv4 and IPv6 networks remains a key operational challenge, addressed through mechanisms like dual-stack implementations and tunneling protocols. In dual-stack setups, devices and routers support both protocols simultaneously, enabling seamless communication across mixed environments without immediate full migration.^[14] Tunneling, such as 6to4, encapsulates IPv6 packets within IPv4 headers to traverse legacy infrastructure, facilitating connectivity for isolated IPv6 domains over IPv4 backbones. These approaches ensure backward compatibility but introduce overhead, with tunneling adding 20-byte IPv4 headers to IPv6 payloads, potentially impacting bandwidth in transitional phases.^[15] Security implications of IP header changes are dual-edged, offering advancements while posing new hurdles. IPv6's extension header framework integrates IPsec more natively than IPv4's optional implementation, supporting mandatory authentication and encryption headers that enhance end-to-end security without protocol fragmentation. However, the expanded 128-bit address space complicates traditional port scanning attacks, as the vast /64 subnets (with 64 bits for hosts) make exhaustive enumeration computationally infeasible, reducing reconnaissance risks.^[16] This shift demands updated security tools, as legacy scanners ineffective against IPv6 can create blind spots in hybrid networks.^[17] The primary driver for IPv6 header adoption has been IPv4 address exhaustion, which depleted unallocated space by 2011, compelling global migration to sustain internet growth. As of October 2025, IPv6 traffic accounts for approximately 45% of global connections to major services, reflecting steady deployment in regions like North America and Europe.^[18] Header modifications also enable advanced features, such as Mobile IPv6 defined in RFC 6275, which uses dedicated extension headers for binding updates and route optimization, providing seamless mobility absent in IPv4's base design.

IP header

Overview

Definition and Role

Historical Context

IPv4 Header

Format and Length

Field Descriptions

IPv6 Header

Format and Length

Field Descriptions

Extensions and Options

IPv4 Options

IPv6 Extension Headers

Key Differences and Evolution

Structural Changes

Implications for Networking

References