What does the time to live field 8 bits do in an IP header?

The following is the fourth installment of a multi-part series on the fundamentals of routing. Each tip is excerpted from Routing First-Step by William Parkhurst, published by Cisco Press. Check back frequently for the next installment, or go to the main series page for all the installments.

Unlike the post office, a router or computer cannot determine the size of a package without additional information. A person can look at a letter or box and determine how big it is, but a router cannot. Therefore, additional information is required at the IP layer, in addition to the source and destination IP addresses. Figure 3-12 is a logical representation of the information that is used at the IP layer to enable the delivery of electronic data. This information is called a header, and is analogous to the addressing information on an envelope. A header contains the information required to route data on the Internet, and has the same format regardless of the type of data being sent. This is the same for an envelope where the address format is the same regardless of the type of letter being sent.

Figure 3-12 - IP Header Format


The fields in the IP header and their descriptions are as follows:

  • Version - A 4-bit field that identifies the IP version being used. The current version is 4, and this version is referred to as IPv4.
  • Length - A 4-bit field containing the length of the IP header in 32-bit increments. The minimum length of an IP header is 20 bytes, or five 32-bit increments. The maximum length of an IP header is 24 bytes, or six 32-bit increments. Therefore, the header length field should contain either 5 or 6.
  • Type of Service (ToS) - The 8-bit ToS uses 3 bits for IP Precedence, 4 bits for ToS with the last bit not being used. The 4-bit ToS field, although defined, has never been used.
  • IP Precedence - A 3-bit field used to identify the level of service a packet receives in the network.
  • Differentiated Services Code Point (DSCP) - A 6-bit field used to identify the level of service a packet receives in the network. DSCP is a 3-bit expansion of IP precedence with the elimination of the ToS bits.
  • Total Length - Specifies the length of the IP packet that includes the IP header and the user data. The length field is 2 bytes, so the maximum size of an IP packet is 2^16 – 1 or 65,535 bytes.
  • Identifier, Flags, and Fragment Offset - As an IP packet moves through the Internet, it might need to cross a route that cannot handle the size of the packet. The packet will be divided, or fragmented, into smaller packets and reassembled later. These fields are used to fragment and reassemble packets.
  • Time to Live (TTL) - It is possible for an IP packet to roam aimlessly around the Internet. If there is a routing problem or a routing loop, then you don't want packets to be forwarded forever. A routing loop is when a packet is continually routed through the same routers over and over. The TTL field is initially set to a number and decremented by every router that is passed through. When TTL reaches 0 the packet is discarded.
  • Protocol - In the layered protocol model, the layer that determines which application the data is from or which application the data is for is indicated using the Protocol field. This field does not identify the application, but identifies a protocol that sits above the IP layer that is used for application identification.
  • Header Checksum - A value calculated based on the contents of the IP header. Used to determine if any errors have been introduced during transmission.
  • Source IP Address - 32-bit IP address of the sender.
  • Destination IP Address - 32-bit IP address of the intended recipient.
  • Options and Padding - A field that varies in length from 0 to a multiple of 32-bits. If the option values are not a multiple of 32-bits, 0s are added or padded to ensure this field contains a multiple of 32 bits.

The IP Precedence field can be used to prioritize IP traffic. (See Table 3-9.) This is the same as the postal system having different classes of mail such as priority, overnight, and 2-day delivery. Routers can choose to use this field to give preferential treatment to certain types of IP traffic.

Table 3-9 - IP Precedence Values

The ToS bits were originally designed to influence the delivery of data based on delay, throughput, reliability and cost. (See Table 3-10.) They are usually not used and are therefore set to zero.

Table 3-10 - Type of Service Values

The IP Precedence field can have 8 or 2^3 possible values. Routers use two of these values, 6 and 7, for routing protocol traffic. That leaves six values that can be used to prioritize user traffic. Because the ToS bits are typically not used, the IP Precedence field can be extended from 3 to 6 bits by using 3 bits from the ToS field. (See Figure 3-13.)

Figure 3-13 - IP Header Type of Service (ToS) Field


This new field is called the Differentiated Services Code Point (DSCP). That gives you 64 or 2^6 possible values that can be used to prioritize traffic. Although there are 64 possible DSCP values, only 14 are used typically. (See Table 3-11 and the explanation that follows.)

Table 3-11 Differentiated Services Code Point Values

Notice that the first 3 bits of the DSCP value are the 3 bits from the IP precedence. An IP precedence of 000 maps into a DSCP value of 000 000, and both represent best effort delivery. An IP precedence of 101 (Critical) maps into a DSCP value of 101 110 (High Priority or Expedited Forwarding). The remaining 4 IP precedence values are each mapped into 3 DSCP values. The additional 3-bit portion is used to identify a drop probability within one of the four assured forwarding (AF) classes.
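The field list and the precedence-to-DSCP mapping above, as an added Python example that is not taken from the book: it unpacks the fixed part of an IPv4 header, verifies the Header Checksum, and names the DSCP value from the ToS byte. The function names, the addresses, and the sample header are constructed for illustration.

```python
import struct

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (Header Checksum)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dscp_name(dscp: int) -> str:
    """Name a 6-bit DSCP value; its top 3 bits are the IP precedence."""
    cls, drop = dscp >> 3, dscp & 0b111
    if dscp == 0:
        return "Best Effort"
    if dscp == 0b101110:
        return "EF"
    if 1 <= cls <= 4 and drop in (0b010, 0b100, 0b110):
        return f"AF{cls}{drop >> 1}"        # AF class, drop probability 1..3
    return f"DSCP {dscp}"

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_len": ihl * 4,              # Length field counts 32-bit words
        "precedence": tos >> 5,
        "dscp": dscp_name(tos >> 2),
        "total_length": total_len,
        "id": ident,
        "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": checksum(packet[:ihl * 4]) == 0,  # valid header sums to 0
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }

# Constructed sample header: DSCP 101110 (EF), TTL 64, protocol 1 (ICMP)
_hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 84, 0x1C46, 0x4000,
                             64, 1, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])))
_hdr[10:12] = struct.pack("!H", checksum(bytes(_hdr)))
SAMPLE = bytes(_hdr)
```

Changing any header byte without recomputing the checksum, including the TTL, makes `checksum_ok` false, which is why the checksum has to be updated whenever the TTL is decremented.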

This discussion of the contents of the IP header is meant as an overview. If you are interested in learning more details regarding the IP header, refer to the references at the end of this chapter. The important concept to take away from this discussion is that the IP header contains the source and destination IP addresses. Routers use the destination IP address to determine a route; therefore, the IP layer in the layered model is the routing layer.

At this point, we could stop our discussion of the layered protocol model. This book is about routing, and routing is the second or third layer depending on which model is used. A router does not care what application sent the data, or how the application is going to receive the data. The job of the router is to get the packet to the proper destination. It is then the responsibility of the destination host to deliver the data to the application. The incomplete layered model in Figure 3-8 is sufficient for the remainder of this book. But, to be complete, let's go ahead and finish the model.

All parts reproduced from the book Routing First-Step, ISBN 1587201224, Copyright 2005, Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses. Visit www.ciscopress.com for a detailed description and to learn how to purchase this title.

Time-to-live in networking refers to the time limit imposed on the data packet to be in-network before being discarded. It is an 8-bit binary value set in the header of Internet Protocol (IP) by the sending host. The purpose of a TTL is to prevent data packets from being circulated forever in the network. The maximum TTL value is 255. The value of TTL can be set from 1 to 255 by the administrators. 

The usage of TTL in computing applications lies in the performance improvement and management of data caching. It also finds its use in Content Delivery Network (CDN) caching and Domain Name System (DNS) caching.

The number of hops a packet travels before being discarded by a network is known as the time to live (TTL) or hop limit. The maximum range for packets is indicated by TTL values.

  • The sending host sets the initial TTL value as an 8-bit field in the packet header.
  • The datagram’s TTL field is set by the sender and reduced by each router along the path to its destination. 
  • The router reduces the TTL value by at least one while forwarding IP packets. 
  • When the packet TTL value hits 0, the router discards it and sends an ICMP message back to the originating host.
  • This system ensures that a packet moving via the network is dropped after a set amount of time, rather than looping indefinitely.


Working of TTL

Thus, the TTL value restricts how long data can exist on the network. It also helps determine how long the data has been on the network and how much longer it will remain there.

In the scenario below, Host A wishes to interact with Host B using a ping packet. Host A uses a TTL of 255 in the ping and transmits it to Router A, its gateway. When Router A sees that the packet has to be routed at layer 3 (the network layer) toward Router B, it reduces the TTL by one (255 – 1 = 254) and delivers the packet to Router B. Router B and Router C decrement the TTL in the same way: Router B decrements the TTL from 254 to 253 and Router C decrements it from 253 to 252. The TTL of the ping packet is therefore 252 when it reaches Host B.


TTL Example

Whenever the TTL reaches zero (TTL=0), the router discards the packet and sends a Time Exceeded error message to the originating host.
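The scenario above as an added Python simulation, not code from the original article: each router decrements the TTL, and the router that brings it to 0 discards the packet and reports Time Exceeded. It goes one step beyond the text by showing how probes with TTL 1, 2, 3, ... reveal the path (the mechanism traceroute relies on) and how the TTL bounds a routing loop. `Result`, `send`, `traceroute` and `routing_loop` are hypothetical names; the host and router names come from the scenario.

```python
from itertools import cycle
from typing import Iterable, NamedTuple

class Result(NamedTuple):
    status: str     # "delivered" or "time-exceeded"
    reporter: str   # receiving host, or the router that sent Time Exceeded
    ttl: int        # TTL on arrival (0 when the packet was discarded)
    hops: int       # number of routers that handled the packet

PATH = ["Router A", "Router B", "Router C"]   # Host A -> ... -> Host B

def send(ttl: int, routers: Iterable[str], dst: str = "Host B") -> Result:
    """Forward one packet along `routers`, decrementing the TTL at each hop."""
    if not 1 <= ttl <= 255:
        raise ValueError("initial TTL must be 1..255 (8-bit field)")
    hops = 0
    for router in routers:
        hops += 1
        ttl -= 1                    # every router reduces the TTL by one
        if ttl == 0:                # discard; Time Exceeded goes to the sender
            return Result("time-exceeded", router, 0, hops)
    return Result("delivered", dst, ttl, hops)

def traceroute(routers: list, dst: str = "Host B", max_ttl: int = 30) -> list:
    """Discover the path by sending probes with TTL 1, 2, 3, ..."""
    path = []
    for ttl in range(1, max_ttl + 1):
        result = send(ttl, routers, dst)
        path.append(result.reporter)        # who answered this probe
        if result.status == "delivered":
            break
    return path

def routing_loop() -> Iterable[str]:
    """A misconfigured pair of routers that forward to each other forever."""
    return cycle(["Router A", "Router B"])

if __name__ == "__main__":
    print(send(255, PATH))              # delivered with TTL 252
    print(traceroute(PATH))             # every hop, then Host B
    print(send(255, routing_loop()))    # loop ends after 255 hops
```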

Time-to-Live (TTL) in DNS:

DNS TTL refers to the time taken by DNS for caching a record. In other words, the duration for which a DNS record is to be kept or the time it takes for a DNS record to be returned from the cache is referred to as time-to-live. It is a numerical value set in a DNS record on the domain’s authoritative domain name server.

It specifies the number of seconds for which a cache server can provide the record’s cached value. When the set time has elapsed since the previous refresh, the caching server will contact the authoritative server to obtain the current and possibly updated value for the record.

Time-to-Live (TTL) in HTTP:

TTL is measured in seconds and is set by HTTP headers such as the Cache-Control header. If the value is set to “Cache-Control: max-age=60”, then it implies refreshing a given resource every 60 seconds before the time to live is surpassed. The setting “max-age=0” implies that the resource should not be cached at all.

The time-to-live value has a direct impact on page load time (cached data loads faster) and content freshness on your site (i.e., data cached for too long can become stale).

TTLs should be configured as follows to ensure that your visitors only see the most recent version of your website: 

  • For static content like images, documents, etc., a longer TTL value is set as they rarely get updated. 
  • For dynamic content such as HTML files, it is difficult to set TTL values. For example, the comment section of a website changes frequently and its refresh time cannot be predicted at all. If users are also permitted to modify existing posts, then caching is not a recommended practice.

What is time-to-live (TTL) exceeded?

IP packets delivering web HTTP traffic over TCP (Transmission Control Protocol) that have traveled too many network hops are referred to as TTL exceeded. In this situation, each router reduces the TTL field of IP packets sent over the network until it reaches 0. The router then drops the IP packet and sends an ICMP packet with a TTL exceeded error code to the sending host.

Application of time-to-live (TTL):

The TTL value is used in the network utilities such as ping, traceroute, and pathping. 

  • The ping command is used to test the reachability of the destination computer. In other words, it verifies whether the communication can take place between the source and destination computer or a networked device. It works by sending ICMP Echo request messages to the target computer and then waiting for the response. The execution of the ping command gives two important pieces of information: how many responses are returned and how long it takes for them to return.


ping command

  • The tracert/traceroute command is used to trace the path between two devices. The connection between them is established through multiple routers, and the command reports the names or IP addresses of the routers on the path between the two connecting devices.


tracert command

  • In Internet Protocol (IP) multicast, TTL may have control over the packet forwarding scope or range.
    • 0 is restricted to the same host
    • 1 is restricted to the same subnet
    • 32 is restricted to the same site
    • 64 is restricted to the same region
    • 128 is restricted to the same continent
    • 255 is unrestricted
  • TTL is also employed in caching for Content Delivery Networks (CDNs). TTLs are used herein for specifying the duration of serving cached information until a new copy is downloaded from an origin server. A CDN can offer updated content without requests propagating back to the origin server if the time between origin server pulls is properly adjusted. This accumulative effect enables a CDN to efficiently offer information closer to a user while minimizing the amount of bandwidth required at the origin.
  • TTL is also employed in caching for Domain Name Systems (DNS). TTL is a numerical value that refers to the duration used herein by the DNS Cache server for serving a DNS record before contacting the authoritative server to get a new copy.

TTL: Time Limit or Hop Limit?

In IPv6, it is known as the hop limit, and in IPv4, it is known as TTL. The Hop Limit field is the same as the TTL field in IPv4.

The hop count function is necessary for network operation. It prevents networks from collapsing as a result of packets looping indefinitely. Transport protocols like TCP use the time limit function to ensure that data is transferred reliably.

Even if the elapsed time was significantly less than a second, every router that handles a packet must reduce the TTL by at least one. In this perspective, Time-to-Live serves as a hop counter. So, it puts a limit on how far a datagram can propagate via the Internet.
When a packet is forwarded, the TTL must be reduced by at least one. A router may also decrease the TTL by one for each second it retains a packet for longer than one second. Time-to-Live is used as a time counter in this manner.

Common TTL Values:

Normally, the TTL value is 86400 seconds or 24 hours. MX and CNAME records, on the other hand, can have a longer TTL because they are expected to change infrequently. It is recommended that you set TTL to 1 hour (3600 seconds) if your service is vital. Shorter TTLs can put a strain on an authoritative name server, but they can be advantageous when changing the address of key services like web servers or MX records. As a result, DNS administrators often reduce TTLs before moving services to avoid interruptions.