This lesson explains the Network Layer and how it fits into the SMPTE ST 2110 stack.
• The Network Layer
• IP header
• Address Class
• DHCP
• ICMP
• IPSec
• ARP
• DNS
• NAT
The Network Layer (Layer 3 of the OSI model) is responsible for logical addressing, routing, and forwarding packets across different networks, enabling communication between devices that may be on separate local segments or even continents. Its primary protocol in modern networks is IP (Internet Protocol), which provides best-effort, connectionless delivery of packets without guarantees of order, reliability, or error correction—those are handled by higher layers like TCP. IP addressing uses a 32-bit number (IPv4) formatted as four octets (e.g., 192.168.1.10), where each address is divided hierarchically into a network portion (identifying the destination network or subnet) and a host portion (identifying the specific device on that network). Originally managed through classful addressing (Class A, B, C) with fixed divisions, IP addressing evolved to classless (CIDR) using variable-length subnet masks (e.g., /24 or 255.255.255.0) to efficiently allocate scarce addresses, supported by mechanisms like private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and NAT to allow many devices to share a single public IP.
When using the Network Layer in conjunction with SMPTE ST 2110 (the suite of standards for professional media over managed IP networks), the core IP principles remain the same—logical addressing, routing, and packet forwarding—but several critical enhancements and strict requirements are imposed to support real-time, uncompressed (or lightly compressed) video, audio, and ancillary data streams with broadcast-grade timing and reliability.
Unlike standard IP networking (which tolerates variable latency, jitter, and best-effort delivery), ST 2110 demands these attributes:
Precision Time Protocol (PTP, IEEE 1588) — mandatory via ST 2110-10 and ST 2059-2 for sub-microsecond synchronization across all devices; standard IP rarely uses PTP at this level, but 2110 requires it for aligning separate essence streams (video, audio, metadata) that may take different paths.
Multicast transport (primarily) over UDP/RTP — streams are sent to multicast group addresses (often administratively scoped 239.0.0.0/8 range), requiring IGMP snooping/querier on Layer 2 switches and PIM (Protocol Independent Multicast) routing (Sparse Mode preferred) on Layer 3 routers for efficient, scalable distribution without flooding.
Strict Quality of Service (QoS) and low-latency network design — high-priority queues for media and PTP packets, minimal jitter/burstiness, and often spine-leaf topology or PTP-aware switches to meet tight latency/jitter specs (e.g., <1 ms per hop in many cases); standard IP QoS is optional or best-effort.
No fundamental change to IP addressing itself — unicast/multicast IP addresses are used normally, but multicast groups are heavily relied upon, and source-specific multicast (SSM with IGMPv3) is often recommended for better control and scalability.
Managed, non-Internet networks — ST 2110 specifies "managed IP networks" (private, QoS-guaranteed, low-latency fabrics), not the public Internet, to ensure performance; standard IP can run over best-effort links.
The IP address is a 32-bit number that represents a particular node. The address is made up either of network and host, or of network, subnet and host. This is a two- or three-layer hierarchical address structure rather than a flat scheme. In the two-layer scheme, the highest-order bits represent a network, while the lower-order bits represent a particular node within that network. In a three-layer approach, the previous statement is still true but the number of bits used for network and particular node addressing is specified.

Before we go further into IP addressing, let's explain how the addressing is transported over the network. At the network layer (Layer 3 of the OSI model), IP addresses are carried inside Internet Protocol (IP) packets, commonly referred to as IP datagrams. The makeup of that packet is shown on the left. The IP datagram is explained in more depth below.
What the Network Layer Packet Is
The network layer packet is the IP packet. Its primary responsibility is logical addressing and routing—getting data from a source host to a destination host across one or more networks.
Where the IP Addresses Appear:
IP addresses reside in the IP header, not in the payload.
For IPv4, the key address-related fields are:
Source IP Address (32 bits). Identifies the sending host.
Destination IP Address (32 bits). Identifies the receiving host.
These two fields are examined by routers at every hop to determine where to forward the packet next.
You'll notice that the Protocol field of the header is 8 bits, which specify which transport protocol is being used: TCP, UDP, ICMP, etc.
The actual payload is typically a transport-layer segment (TCP or UDP). IP itself is agnostic to application data.
Why This Matters in Practice
Switches (Layer 2) ignore IP addresses and forward frames using MAC addresses.
But routers (Layer 3) read the destination IP address, consult routing tables, and forward packets toward the correct network.
Subnet masks are not carried in the packet; they are locally applied by hosts and routers to interpret the destination IP.
An IP packet is the network-layer container that carries source and destination IP addresses in its header, enabling routers to move data across interconnected networks independently of the underlying physical media.
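The header fields described above can be read directly from the first 20 bytes of a packet. The following is an added example, not part of the original lesson: it builds a constructed sample header (addresses and lengths are made up for illustration) and parses out the fields a router looks at, including a header checksum check.

```python
import ipaddress
import struct

# IANA protocol numbers for the protocols this lesson mentions.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}
IPV4_FIXED = struct.Struct("!BBHHHBBH4s4s")  # the 20-byte fixed IPv4 header


def header_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a constructed sample header (no options, checksum filled in)."""
    raw = IPV4_FIXED.pack(
        (4 << 4) | 5, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return raw[:10] + struct.pack("!H", header_checksum(raw)) + raw[12:]


def parse_header(packet: bytes) -> dict:
    """Extract the fields a router reads; reject malformed headers."""
    if len(packet) < IPV4_FIXED.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _csum, src, dst) = IPV4_FIXED.unpack(packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if header_len < 20 or len(packet) < header_len:
        raise ValueError(f"bad header length {header_len}")
    return {
        "header_len": header_len,
        "total_length": total_len,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # Summing a valid header including its checksum field yields 0.
        "checksum_ok": header_checksum(packet[:header_len]) == 0,
    }


if __name__ == "__main__":
    # Constructed sample: a UDP packet from a private host to a 239.x.x.x group.
    sample = build_header("192.168.1.10", "239.1.1.1", 17, payload_len=8)
    print(parse_header(sample))
```

Note that nothing in the parsed header carries a subnet mask; the receiver sees only the two 32-bit addresses.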
Now back to the actual rules of IP addressing. To make matters more confusing, the number of bits allotted to each part can be set by a few simple rules or, as we will see, varied to almost any combination of network bits and node bits in order to stretch a limited number of addresses. The important point to keep in mind is the simple top-level premise: some bits describe the network and some describe the node on a network.
There are theoretically 4.3 billion unique possible addresses available with the 32‐bit addresses scheme although only about 250 million can be actually assigned.

To get straight into the IP address structure, let's start with an example, and explain more from there.

| Parameter | Value |
|---|---|
| Input | 192.172.26.23/16 |
| Subnet Mask | 255.255.0.0 |
| Subnet Mask (Binary) | 11111111.11111111.00000000.00000000 |
| Network Address | 192.172.0.0 |
| Network Address (Binary) | 11000000.10101100.00000000.00000000 |
| Broadcast Address | 192.172.255.255 |
| First Host | 192.172.0.1 |
| Last Host | 192.172.255.254 |
| Total Addresses | 65,536 |
| Usable Hosts | 65,534 |
| Range (all addresses) | 192.172.0.0 – 192.172.255.255 |
| Previous Block | 192.171.0.0/16 → 192.171.0.0 – 192.171.255.255 |
| Next Block | 192.173.0.0/16 → 192.173.0.0 – 192.173.255.255 |
The 32‐bit IP address is grouped into four 8‐bit octets.
IP address assignment started with the first group or octet referring to the network. While used with the ARPANET in the 1960s, 256 networks might have been enough. It was soon realized, however, that this was minuscule compared to what would soon be needed. So the standards bodies soon developed what they called a Classful address. What this meant was that IP addresses would be divided into classes A, B, and C.
Class A
Class B
Class B addresses point to many universities, other large players that weren’t there at the beginning like Cisco, Tektronix, Sun, individual armed services, NASA, most defense contractors, a myriad of government agencies around the world, large IP service providers, and most hi‐tech companies of any size.
Class C
We mentioned decimal versus hex representation before; if used on IP addresses, Class A addresses would have the first hex value less than 8, Class B a value of 8, and class C a value of B.

Because of the demand for IP addresses, there is a series of addresses in each of the three address classes that are reserved for private use, which means that there may be many nodes around the world sharing the three blocks of addresses below.

Many home routers use the class C reserved addresses. Why don’t these addresses, used repeatedly, conflict with others using the same addresses? There is another technology that comes into play at the network layer to keep the usage by others separate, known as Network Address Translation (NAT) which we will look at a little later.
To make the most use of the available addresses, modern network layer equipment allows bit‐by‐bit deployment of which bits are used for network addresses and which for individual node addresses. This is implemented via the network mask. Most often when you type ipconfig from a DOS command line you will see the mask with a value of 255.255.255.0.
Let’s look at a few examples: An IP administrator would write the 255.255.255.0 mask as
xxx.xxx.xxx.xxx/24
A specific example: 124.10.1.18/24
This is the network address part, known as the subnet. Thus the 124.10.1.0 subnet can have 256 addresses on it.
Now the same example with a more complicated subnet:
What this means is that subnet 124.10.1.16
Let’s introduce another subtlety for subnets now.
Let’s look at one final example: 192.20.2.21/30:
This is an extreme example, and as we just mentioned, the top address in the subnet is reserved for broadcasting. Often, the lower address in the subnet is reserved for the gateway, leaving only two addresses for nodes on the subnet.
Rule of thumb: when setting up a small network, use a class C address. It is easiest for most people to understand and configure. This gives you one network with up to 256 hosts.
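The mask arithmetic behind these subnet examples can be done with two bitwise operations. The following is an added example, not part of the original lesson: it reproduces the table values for 192.172.26.23/16 and the /30 case, shows how a host uses its locally configured mask to choose between direct delivery and its gateway, and labels addresses against the private and 239.0.0.0/8 ranges named earlier. The function names and the gateway addresses used in testing are assumptions made for illustration.

```python
import ipaddress

PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ADMIN_SCOPED_MULTICAST = "239.0.0.0/8"


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def mask_for(prefix: int) -> int:
    """Turn a prefix length such as 24 into the 32-bit mask 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    addr, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    mask = mask_for(prefix)
    network = to_int(addr) & mask                # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all set
    total = 1 << (32 - prefix)
    if prefix >= 31:
        # /31 and /32 have no separate network/broadcast addresses to reserve.
        first, last, usable = network, broadcast, total
    else:
        first, last, usable = network + 1, broadcast - 1, total - 2
    return {
        "mask": to_str(mask), "network": to_str(network),
        "broadcast": to_str(broadcast), "first_host": to_str(first),
        "last_host": to_str(last), "total": total, "usable": usable,
    }


def in_block(addr: str, cidr: str) -> bool:
    base, _, prefix_text = cidr.partition("/")
    mask = mask_for(int(prefix_text))
    return (to_int(addr) & mask) == (to_int(base) & mask)


def next_hop(host_cidr: str, gateway: str, destination: str) -> str:
    """Same subnet: deliver directly. Different subnet: hand to the gateway."""
    return destination if in_block(destination, host_cidr) else gateway


def classify(addr: str) -> str:
    if any(in_block(addr, block) for block in PRIVATE_BLOCKS):
        return "private"
    if in_block(addr, ADMIN_SCOPED_MULTICAST):
        return "admin-scoped multicast"
    return "other"


if __name__ == "__main__":
    for cidr in ("192.172.26.23/16", "124.10.1.18/24", "192.20.2.21/30"):
        print(cidr, subnet_info(cidr))
```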
So each node, or host as IT folks call them, has an IP address. How do they get those addresses? You can manually assign them to each host, but then you have to keep track of which host has which address, and you must make sure that two or more hosts don’t end up with the same IP address, which quickly gets tedious. Plus PCs, mainly laptops, come and go. Each new production team that shows up on a truck expects to use your network for their machines. You need an automatic way to hand out and reuse IP addresses. Not only IP addresses, but each host also needs to know how to reach out to the outside world, from whatever subnet it is on; its “gateway” so to speak. As we’ve just seen, the device needs to know what the subnet addressing scheme is.

Originally, when people were connected to large systems, such as Unix based systems, with workstations that had no appreciable storage of their own, they used a system called BootP, which stands for Bootstrap Protocol. The local workstation still had to have a local disk drive to load the BootP software, but over time NIC cards came with embedded BootP firmware. BootP told the workstation where to go to find its bootable image (OS and user files) and what its IP address was. BootP required a server that kept the list of available IP addresses and who they were assigned to.
DHCP (Dynamic Host Configuration Protocol) is almost exclusively used today. DHCP differs from Bootstrap (BootP) in that BootP assigns an IP address to a host, but the host’s hardware address must be entered manually in a BootP table. DHCP is dynamic BootP. What BootP could do, and DHCP can’t, is send an OS that a host can boot from. DHCP runs on top of the BootP protocol on port 67 (ports come in the Layer 4/Transport section).
The DHCP server provides an IP address, the default gateway (router), two DNS (Domain Name Service) server addresses, and a network mask, along with the lease time, or how long the address is good for. When DHCP hands out an IP address, it usually provides a lease for its use for 8 days by default. It is up to the client to renew the lease. We’ll look at DNS in a bit.
DHCP enables individual client machines on an IP network to configure all their IP settings (IP address, default gateway, the subnet mask, and the DNS server) automatically. For a simple router its internet port would be a DHCP client looking to the ISP (Internet Service Provider) for its IP address. For the LAN ports out the other side (the local network) it would be a DHCP server, and the local nodes would be clients looking to the local router for their IP addresses. DHCP can share a set of IP addresses with a greater number of temporary users. A DHCP client will always ask for the last IP address it had from the DHCP server.
Windows clients that are configured for DHCP but unable to access a DHCP server will default to a special IP address starting with 169.254.x.x. Run IPCONFIG/RENEW at the DOS prompt to see if “DHCP Server Unavailable” occurs. Use the IPCONFIG/RELEASE and then IPCONFIG/RENEW commands when changing to a new DHCP server.
A DHCP client requests an IP address via a broadcast request. The DHCP Discover Message is as follows:
Routers (covered later under Network Layer) must be set up to forward a DHCP broadcast from a client out to other router ports as a unicast to one or more DHCP servers for redundancy.
ICMP (Internet Control Message Protocol) messages are packets generated by devices at the network layer. They generally carry error messages. If a router, for example, can’t forward an IP packet, an ICMP message is sent back to the sender. A router will also send out a ‘buffer full’ message via ICMP. The innocuous Ping command uses ICMP echo requests. A header indicating an ICMP packet will be found immediately after the IP header.

IP Security (IPSec) was designed for providing authentication and encryption over the internet. It works at the layer we’re looking at now, the Network layer (layer 3) and secures all applications that operate in the layers above it. Because of the large support it enjoys, it is the standard for VPNs on the internet today. IPSec uses an Authentication Header (AH) and Encapsulating Security Payload (ESP). The AH has no encryption and is used for authentication only. The AH header replaces the IP packet header. ESP provides both authentication and encryption abilities.
IPSec has two modes; transport mode and a tunneling mode. The transport mode creates a secure IP connection between two hosts. The data is protected by authentication and/or encryption, but in this mode, a tunnel is not created.
The tunnel mode encapsulates the complete packet within IPSec. ESP is used to give both authentication and encryption, so it is more commonly used to create secure tunnels. In tunnel mode a hacker cannot even see what transport protocol is being used.
IPsec (Internet Protocol Security) is a standards-based framework that secures IP traffic by authenticating, encrypting, and verifying the integrity of IP packets at the network layer (Layer 3).
What IPsec Protects
IP packets themselves, independent of applications, by providing:
Confidentiality – encrypts packet payloads
Integrity – ensures packets are not altered in transit
Authentication – verifies the identity of the sending peer
Anti-replay protection – prevents captured packets from being resent
Core IPsec Components
AH (Authentication Header) - Provides integrity and authentication only (no encryption).
ESP (Encapsulating Security Payload) - Provides encryption, integrity, and authentication (most commonly used).
IPsec Operating Modes
Transport Mode - Encrypts only the payload; original IP header remains visible. Common for host-to-host protection.
Tunnel Mode - Encrypts the entire original IP packet and wraps it in a new IP header. Common for site-to-site VPNs and remote access VPNs.
Key Management - IKE (Internet Key Exchange). Automatically negotiates encryption keys, algorithms, and security associations between endpoints.
IPsec is used because it creates VPNs without modifying applications, works across any IP-based network, and provides security at a lower layer than TLS/SSL, protecting all IP traffic.
IPSec provides end to end security and allows a device to roam from one network to another without dropping the connection. IPSec is an encryption protocol that works with both IPv4 and IPv6.

Address Resolution Protocol (ARP) is used to resolve network layer IP addresses into Data-Link MAC addresses. ARP finds the hardware address of a host from a known IP address. DNS uses ARP. The host, or local computer, keeps a local ARP list also, but you shouldn't see addresses in the ARP table for a given interface that aren’t members of the same IP subnet as the interface. You can add entries to the ARP table using the ARP –s command at a DOS prompt. This entry stays until the device is rebooted. ARP -d will delete entries.
A DNS server provides name resolution using ARP protocol and provides a destination IP address and MAC address. A host sends out an address resolution request in what is known as an ARP packet. A DNS server will receive the request and provide a response with the corresponding Data-Link address. ARP requests and responses stay within the confines of local networks, as a router will not pass them.
In most small systems, the local router talking directly to an ISP modem or a venue’s router is not only your DHCP provider but also your DNS server.

The Domain Name Server (DNS) system replaced the host file that used to be kept and updated on every node on the networks in the early days. The DNS server provides name resolution using ARP protocol and provides the destination IP address and MAC address. While it is a level 3/Network protocol, it uses port 53 on the transport layer. It is the network phonebook.
Top-level DNS servers handle .com, .org, .gov, etc. domains. Second-level servers handle second-level names such as the actual company name. Sub-domains, such as newyorkoffice.company.com, are handled by an ISP or the company’s own DNS server.
DNS servers keep a list of Canonical Names (Cnames). ftp.somesite.com is the Cname for www.somesite.com. The DNS server has ‘A’, PTR, Cname, and MX records. ‘A’ records translate host names into IP addresses. PTR (Pointer) records translate IP addresses into host names. MX (mail exchange) records keep email addresses.
Windows Servers and UNIX/Linux come with built-in DNS server software. Many DNS local servers are cache-only, which means they will resolve names on the internet for the network but are not responsible for telling other DNS servers the names of any of its clients. Authoritative DNS servers actually hold the IP addresses and names of systems for a particular domain or domains of the local network in special storage areas called Forward Lookup Zones. The DNS server also keeps Reverse Lookup Zones, where URLs are determined from IP addresses.
As you will recall, there is far more demand for IP addresses than separate, individual addresses available. So there needs to be a way to separate internal use of IP addresses from the rest of the universe, a way to translate private IP addresses to public addresses. So Network Address Translation (NAT) was developed. NAT setup and maintenance is a concept that is usually out of the truck engineer’s scope, but you must be aware of it.

Besides slowing the depletion of IP addresses, NAT is useful for network migrations and mergers when different networks have duplicate IP addresses, for server load sharing, and for creating virtual servers. This situation is quite possible when a truck is part of a large venue. ISP providers change from venue to venue, and you don’t want to have to change the internal address scheme each time. NAT is absolutely required when connecting to the internet without globally unique IP addresses, which no truck will ever have.
NAT is usually run on what is called a border router. Most trucks don’t have routers, so again a router would most likely be encountered in the context of a large venue, or as a device the venue itself would maintain for outside vendors as a gateway to the internet.
NAT has a couple of disadvantages. This address translation introduces path delays, there is loss of end to end IP traceability, and some applications won't run over NAT.
NAT allows what is called Address overloading. This is a type of Dynamic NAT that maps multiple unregistered IP addresses on the inside to a single registered IP address to the outside internet by using different port numbers. This is known as Port Address Translation (PAT). As an example, if four nodes on a truck are trying to reach the same web server back at Fox, all four nodes would get the same IP address on the internet side, but each would get assigned a different source port number. However, they would all have the same destination port number, 80 in the case of an http web server. The web server and your NAT server would know where to direct return web traffic by the source port numbers, but keep in mind that on the truck side of the NAT, each node would still have separate IP addresses.
As with DHCP and DNS in most small systems, the local router handles NAT duties.
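The four-node PAT scenario described above can be modelled as a small translation table. The following is an added example, not part of the original lesson and not any router's actual implementation: the class name, port pool, and all addresses (documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are constructed for illustration. It also shows why return traffic without a matching table entry has nowhere to go.

```python
class PortAddressTranslator:
    """Minimal PAT table: many inside (ip, port) pairs share one outside IP."""

    def __init__(self, public_ip: str, ports=range(40000, 41000)):
        self.public_ip = public_ip
        self._free = list(ports)   # outside source ports still available
        self._by_flow = {}         # inside flow -> outside source port
        self._by_port = {}         # (proto, outside port) -> inside flow

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port, proto="tcp"):
        """Rewrite the source of an outgoing packet; destination is untouched."""
        flow = (proto, inside_ip, inside_port, remote_ip, remote_port)
        if flow not in self._by_flow:
            if not self._free:
                raise RuntimeError("PAT port pool exhausted")
            port = self._free.pop(0)
            self._by_flow[flow] = port
            self._by_port[(proto, port)] = flow
        return (self.public_ip, self._by_flow[flow], remote_ip, remote_port)

    def inbound(self, public_port, remote_ip, remote_port, proto="tcp"):
        """Map a reply back to the inside node, or None if nothing matches."""
        flow = self._by_port.get((proto, public_port))
        # Require the reply to come from the endpoint the inside node contacted.
        if flow is None or flow[3:] != (remote_ip, remote_port):
            return None
        return flow[1], flow[2]


def truck_demo():
    """Four inside nodes, same inside source port, same web server on port 80."""
    nat = PortAddressTranslator("203.0.113.5")
    nodes = ["192.168.1.11", "192.168.1.12", "192.168.1.13", "192.168.1.14"]
    sent = [nat.outbound(ip, 50000, "198.51.100.80", 80) for ip in nodes]
    replies = [nat.inbound(s[1], "198.51.100.80", 80) for s in sent]
    return nat, sent, replies


if __name__ == "__main__":
    _, sent, replies = truck_demo()
    for s, r in zip(sent, replies):
        print(f"outside {s[0]}:{s[1]} -> {s[2]}:{s[3]}   reply delivered to {r}")
```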
