CodeWisdom

IP Datagrams: Connectionless Packet Forwarding

2 min readSystems & Networking

An IP datagram carries its destination address in every packet header. Each router independently forwards the packet based only on the destination address and its local forwarding table — no prior connection setup, no per-flow state at routers. This connectionless design enables scalability but provides no delivery guarantees.

networkingiprouting

The datagram model

Every IP packet carries the full destination address. A router that receives a packet looks up the destination in its forwarding table and sends the packet toward the next hop — no setup, no state maintained per flow. Any packet that arrives at a router can be forwarded immediately (assuming a populated forwarding table).

Forwarding table at Router R2:
┌─────────────┬────────────┐
│ Network     │ Next Hop   │
├─────────────┼────────────┤
│ 10.1.0.0/24 │ R1         │
│ 10.2.0.0/24 │ Interface 1│
│ 10.3.0.0/24 │ Interface 2│
│ 10.4.0.0/24 │ R3         │
│ 0.0.0.0/0   │ Default GW │
└─────────────┴────────────┘

Forwarding logic:
  Packet to 10.3.1.5 → AND with 255.255.255.0 → matches 10.3.0.0/24 → send to Interface 2
  Packet to 8.8.8.8  → no specific match → send to Default GW

The forwarding table stores network prefixes, not individual host addresses. CIDR (Classless Inter-Domain Routing) allows prefixes of any length — a /16 prefix covers 65,536 addresses. Routers apply longest-prefix matching: 10.3.1.0/24 is preferred over 10.0.0.0/8 for a packet to 10.3.1.5.

Datagram properties

Connectionless: No TCP-like handshake before sending. The sender doesn't notify the network of a new flow. Each packet is independent.

Stateless routing: Routers maintain forwarding tables (routes to networks) but no per-flow state. A router handling 100,000 simultaneous TCP connections doesn't know it — it just sees packets.

Unreliable delivery: IP makes no delivery guarantees. Packets can be:

  • Lost (router queue overflow, hardware fault)
  • Reordered (different packets take different paths)
  • Duplicated (rare, from routing loops or link retransmissions)
  • Fragmented (if larger than the link's MTU, with TTL-limited reassembly)

Reliability, ordering, and duplicate elimination are handled at higher layers — TCP for applications that need them, UDP for applications that tolerate loss.

Each datagram is routed independently — two packets from the same flow may take different paths and arrive out of order

ConceptNetworking

IP routing is per-packet, not per-flow. Load balancers and ECMP (Equal-Cost Multi-Path) routing can split consecutive packets from the same TCP connection across different paths with different latencies. The receiving TCP stack reorders segments using sequence numbers. Applications that use UDP and need ordering must implement their own sequence numbering — as video streaming protocols and game networking stacks do.

Prerequisites

  • IP addressing
  • Routing tables
  • TCP vs UDP

Key Points

  • IP routing = stateless, per-packet, destination-based. No flow state at routers.
  • ECMP distributes load across equal-cost paths — different packets may take different routes.
  • TTL (Time to Live) prevents routing loops: each router decrements TTL by 1, packet dropped at TTL=0 with ICMP Time Exceeded sent to source.
  • MTU (Maximum Transmission Unit): if a packet exceeds the link's MTU and the DF (Don't Fragment) bit is set, the router drops it and sends ICMP Fragmentation Needed. Path MTU Discovery uses this to find the smallest MTU on a path.

TTL and traceroute

traceroute exploits TTL to discover routers along the path. It sends packets with TTL=1, TTL=2, TTL=3, etc. Each router that decrements TTL to 0 drops the packet and sends back an ICMP Time Exceeded message — revealing its IP address:

traceroute 8.8.8.8
# 1  192.168.1.1     1.2ms   ← local router (TTL expired here)
# 2  10.0.0.1        5.4ms   ← ISP router
# 3  72.14.234.105   12.1ms  ← Google's network
# ...
# 8  8.8.8.8         18.3ms  ← destination

Each hop is a router that decremented TTL to 0. The pattern reveals the path through the internet at the moment of the probe.

A packet is sent with TTL=1. It arrives at a router that needs to forward it. What happens?

easy

TTL is decremented before forwarding. A TTL of 0 triggers special behavior.

  • AThe router forwards the packet normally — TTL=1 means one hop remaining
    Incorrect.The router decrements TTL before forwarding. TTL=1 becomes TTL=0 after decrement, which triggers the drop rule, not forwarding.
  • BThe router drops the packet and sends an ICMP Time Exceeded message back to the source — the decremented TTL becomes 0, which triggers the drop
    Correct!When a router receives a packet, it decrements TTL by 1. If the result is 0, the router drops the packet and sends an ICMP Time Exceeded (type 11, code 0) back to the source IP address. This prevents routing loops from circulating packets forever. traceroute exploits this behavior — by sending packets with incrementally increasing TTL values, it provokes each router on the path to send back a Time Exceeded message, revealing the router's IP address and round-trip time.
  • CThe packet is delivered to the destination — TTL=1 means exactly one hop allowed
    Incorrect.If the router is not the destination, it must decrement TTL and forward. Decrement makes TTL=0, which triggers the drop. Only if the destination address matches the router's own IP would the packet be delivered.
  • DThe router caches the packet until a valid TTL response arrives
    Incorrect.IP routers don't cache packets waiting for TTL corrections. TTL=0 is a hard drop with ICMP notification.

Hint:What does a router do to TTL before forwarding? What happens when the result reaches zero?