Akshay Kumar - Full-Stack Engineer

What Layer 3 Does

Layer 2 (Data Link) handles communication on a single network segment—devices connected to the same switch or hub. But the internet is millions of separate networks. How does a packet get from your laptop to a server in another country?

That's Layer 3's job: routing packets between networks.

Layer 2: Local Delivery

MAC addresses, same network segment, switches

Layer 3: Global Routing

IP addresses, across networks, routers

IP Addresses

While MAC addresses identify hardware, IP addresses identify network locations. Think of it like:

MAC Address

Like a person's fingerprint—permanent, tied to the physical device

IP Address

Like a mailing address—can change when you move networks

IPv4 Structure

IPv4 addresses are 32 bits, written as four decimal octets: 192.168.1.100

192

168

100

4 octets × 8 bits = 32 bits total = ~4.3 billion addresses

Network vs Host

Every IP address has two parts: the network portion (which network you're on) and the host portion (which device on that network). The subnet mask defines where this split happens.

IP:192.168.1.100

Mask:255.255.255.0(/24)

Network:192.168.1.0

Host:0.0.0.100

With a /24 mask, the first 24 bits identify the network, leaving 8 bits for hosts. That's 2⁸ - 2 = 254 usable addresses per network (minus network address and broadcast).

CIDR Notation

Instead of writing the full subnet mask, CIDR notation just appends the number of network bits:

192.168.1.0/24256 addresses (254 usable)

10.0.0.0/816.7 million addresses

172.16.0.0/121 million addresses

Subnet Mask Visualizer

Prefix:

32 bits:

bit 1bit 32

← 24 bits (network)

8 bits (host) →

Example: 192.168.1.100/24

192

168

100

Network

Host

Split

Subnet Mask

255.255.255.0

CIDR

/24

Total Addresses

256

Usable Hosts

254

Common Subnet Sizes

CIDR	Mask	Hosts	Use Case
/8	255.0.0.0	16.7M	Large enterprise, ISP
/16	255.255.0.0	65K	Campus network
/24	255.255.255.0	254	Home/small office
/28	255.255.255.240	14	Small VLAN
/30	255.255.255.252	2	Point-to-point link
/32	255.255.255.255	1	Single host route

Private vs Public Addresses

With only ~4.3 billion IPv4 addresses and billions of devices, we'd run out fast. The solution: private address ranges that can be reused on every local network.

Range	CIDR	Addresses
10.0.0.0 – 10.255.255.255	/8	16.7 million
172.16.0.0 – 172.31.255.255	/12	1 million
192.168.0.0 – 192.168.255.255	/16	65,536

Your home router has a public IP (assigned by your ISP) and assigns private IPs to devices on your network. NAT (Network Address Translation) rewrites packet headers so all your devices share one public IP.

NAT in Action

Your laptop:192.168.1.100→Router rewrites to:203.0.113.50

Server reply to:203.0.113.50→Router forwards to:192.168.1.100

IP Packet Structure

Just like Ethernet frames wrap data at Layer 2, IP packets wrap data at Layer 3. The Ethernet frame's payload contains the IP packet.

IPv4 Header (20+ bytes)

Ver(4b)

IHL(4b)

ToS(1)

Total Length(2)

ID(2)

Flags(3b)

Fragment Offset(13b)

TTL(1)

Protocol(1)

Checksum(2)

Source IP(4)

Dest IP(4)

Key Fields

TTLTime To Live — Decremented by each router. When it hits 0, the packet is dropped. Prevents infinite routing loops. (Usually starts at 64 or 128)

ProtocolWhat's inside the payload: 6 = TCP,17 = UDP,1 = ICMP

FragmentationIf a packet is too large for a link's MTU, it can be split into fragments. ID, Flags, and Offset fields handle reassembly at the destination.

How Routing Works

Every router maintains a routing table—a list of network destinations and where to forward packets for each. When a packet arrives:

1Router reads the destination IP from the packet header

2Looks up the longest matching prefix in its routing table

3Forwards the packet to the next hop (another router or the destination)

4Decrements TTL (drops packet if it reaches 0)

Example Routing Table

Destination	Gateway	Interface
192.168.1.0/24	directly connected	eth0
10.0.0.0/8	192.168.1.1	eth0
0.0.0.0/0	192.168.1.254	eth0

The 0.0.0.0/0 entry is the default route—used when no other entry matches.

Longest Prefix Match

If multiple routes match, the router picks the most specific one(longest prefix). For destination 10.1.2.3:

10.0.0.0/8matches (8 bits)

10.1.0.0/16matches (16 bits)

10.1.2.0/24wins! (24 bits - most specific)

ICMP: Network Diagnostics

ICMP (Internet Control Message Protocol) is Layer 3's error reporting and diagnostic tool. It's what powers ping and traceroute.

Echo Request/Reply

ping sends Echo Request (type 8), target responds with Echo Reply (type 0)

Time Exceeded

Sent when TTL hits 0. This is how traceroute maps the path to a destination.

Destination Unreachable

Network unreachable, host unreachable, port unreachable, etc.

Redirect

Router tells sender there's a better route available

How Traceroute Works

1Send packet with TTL=1. First router decrements to 0, drops it, sends back ICMP "Time Exceeded"

2Send packet with TTL=2. Second router sends Time Exceeded

3Repeat with increasing TTL until destination responds with Echo Reply

$ traceroute google.com

1 192.168.1.1 1.2ms

2 10.0.0.1 5.1ms

3 72.14.215.85 12.3ms

...

IPv6: The Future

IPv4's 4.3 billion addresses weren't enough. IPv6 expands to 128 bits—enough for 340 undecillion addresses (3.4 × 10³⁸).

IPv6 Address

2001:0db8:85a3:0000:0000:8a2e:0370:7334

8 groups of 4 hex digits, separated by colons

IPv6 Shorthand

Full:2001:0db8:0000:0000:0000:0000:0000:0001

Shortened:2001:db8::1

Leading zeros can be dropped. A single :: can replace consecutive groups of zeros (but only once per address).

Key Differences from IPv4

✓No NAT needed — Enough addresses for every device to have a public IP

✓No fragmentation by routers — Source must handle it (Path MTU Discovery)

✓No header checksum — Layer 4 handles error detection

✓Built-in IPsec support — Encryption at the network layer

Layer 3 Summary

IP addresses identify network locations (not hardware)

Subnets divide address space into manageable chunks

Routers forward packets between networks using routing tables

TTL prevents infinite loops; enables traceroute

NAT lets many devices share one public IP

ICMP provides error reporting and diagnostics

IPv6 solves address exhaustion with 128-bit addresses

Next up: Layer 4 (Transport) — TCP and UDP, ports, reliable delivery, and how applications multiplex over a single IP address.