/Data Link Layer

Table of Contents

Learning Outcomes [Top]

After completing these activities you should be able to:

Discussion [Top]

Introduction to the Data Link Layer

Recall from our introduction to networking that a network is a collection of interconnected computers, such that the computers can pass messages between each other. In the TCP/IP Stack the Data Link Layer is the local network; i.e. a collection of computers that are directly connected to each other; i.e. computers that can directly communicate with each other. Similar to how you can directly talk to someone when you are in the same room. In this discussion we will further explore the problems that the Data Link Layer solves, namely connecting a host to a local network, and the problems is does not solve.

Data Link Layer Basics

Some examples of different "links" (Data Link Layer protocols):
  • Ethernet
  • Wi-Fi
  • WiMax
  • Cellular (CDMA, EDGE, 3G, 4G LTE)
  • Fiber Optic
  • Data Over Cable Service (DOCSIS)
  • SINCGARS (military radio handsets)

Protocols at the Data Link Layer interface with the Physical Layer and the Network layer, the Data Link Layer is where digital data shifts from a circuit aspect to a logic aspect. In fact converting between a digital signal and digital data is the first big problem that a Data Link Layer protocol solves in the networking stack. Our initial example of a Data Link Layer protocol will be the Ethernet protocol, or simply Ethernet. Since the Physical Layer and Data Link Layer are so inherently linked Data Link Layer protocols, such as Ethernet, overlap into the Physical Layer; i.e. part of the Ethernet protocol discusses converting back and forth between digital data and a digital signal. Ethernet uses cables, specifically Cat5, Cat5e, or Cat6 cables (Wikipedia), and is the most widely used wired networking protocol for local networks. We will discuss the additional challenges that come with wireless communications, and solutions such as Wi-Fi, another Data Link Layer protocol, later in the course.

Any Data Link Layer protocol has an interface that serves as the physical connection to the Physical Layer, whether that interface is a wire (like Ethernet) or transceiver (like wireless communications). An information system may have multiple interfaces, each for different types of Physical Layers; much like your laptop has an Ethernet port and a Wi-Fi antenna. The interface is the manner in which the digital signal enters the information system for conversion into digital data by the Data Link Layer protocol. In fact the Physical Layer and Data Link Layer are so intrinsically linked that Data Link Layer protocols, such as Ethernet and Wi-Fi, also go down into the Physical Layer; i.e. part of the Ethernet protocol discusses converting back and forth between digital data and a digital signal.

Names vs. Numbers We continually see in the world of computers that information systems like numbers (binary), but humans like names. We continually develop systems that translate binary information that information systems understand, into text information that we like.

Most of the layers in the networking protocol stack need a way to identify the entities (hosts, processes) that are communicating. In fact, we actually have to do the same thing in normal in-person communications; we either identify who is communicating by looking at each other, or identifying who is communicating using names. But, instead of a name, information systems use numbers to identify entities; remember the alphabet in information systems only consists of 0, and 1, so the only thing they know is numbers. To use a general term, communication protocols use an address to identify the communicating parties. The use of the term address in computers (originally from memory address) was actually adapted from the concept of street addresses. An address in the networking context is simply a number used to identify a host.

As data flows up and down the TCP/IP Stack the data comprising the complete message, the Application Layer message and the header information from the other layers, takes on a different name at each layer. We use different names for the data at each layer so it is clear at what layer, and what data we are referring to. At the Data Link Layer the data transiting across the network is called a frame. One of the big differences between a frame at the Data Link Layer and the higher layers is that a frame has both a header and a footer. A frame has both a header and footer so that the signaling hardware at the Physical Layer can clearly detect the the start of the digital signal and the end of the digital signal in spite of interference, or a weak signal.

Ethernet Protocol

With some basic Data Link Layer terminology down, we can now focus on the Ethernet protocol. Most computers (desktops and laptops) come with an Ethernet port, or at least an adapter to convert a high speed connection to an Ethernet port. We wont cover all of the details of how the Ethernet protocol directly connects hosts together to form a local network, but it is important for you to understand that the Ethernet protocol operates at the Data Link Layer, and that it is a commonly used protocol to form a wired local network. When we discuss wireless protocols we will see that some of the approaches that were founded in the Ethernet protocol are reused, like Wi-Fi and Bluetooth.

IEEE IEEE, pronounced eye-triple-e, is the Institute of Electrical and Electronics Engineers.

The Ethernet protocol is specified and maintained as an IEEE Standard, specifically IEEE 802.3. The Ethernet protocol is a best effort protocol, that is it does not guarantee a message will be successfully delivered to the intended destination. That being said the Ethernet protocol is designed to be robust, and does address some of the issues that arise from the Physical Layer. Specifically, the Ethernet protocol can detect and correct, to a certain degree, interference that a digital signal experiences when transiting through a transmission medium at the Physical Layer. Additionally, the Ethernet protocol can detect collisions between multiple transmissions. When a sender detects a transmission collision, the sender transmits a jam signal and waits for a little while before trying to send the message again. If too many collisions occur, then eventually the sender will stop trying and give up; i.e. the Ethernet protocol does not guarantee that a message will be sent.

The Ethernet protocol uses a MAC address (Media Access Control) to identify what interface (Ethernet card) a frame is addressed to (destination address) and what interface a frame is from (source address). "MAC" is pronounced like Mack in Mack truck, it is rare that you hear the acronym spoken as the full Media Access Control. The name media access control comes from the fact that the address is meant to identify the source and destination devices that are directly communicating across the actual transmission medium. An Ethernet MAC address is 48-bits; do you recall how many bytes that is? Right, 6 bytes. 48 bits is a lot, we don't like to look at big numbers, especially when that number is a long sequence of 0s and 1s. So, we use a short hand way to look at MAC addresses. Hmm, what is a good shorthand for binary ... oh yeah hexadecimal. Most of the utilities that display MAC addresses display a MAC address as the hex representation of the six bytes; e.g. 20-47-47-CB-9A-30, or c8:60:00:6d:f4:80. The MAC address of an Ethernet adapter is assigned by the manufacturer at the time of manufacturing. In fact you can enter in a MAC address here to find out the manufacturer associated with a given MAC address (Wireshark). Each Ethernet frame includes a destination MAC address and a source MAC address; much like the thank you letter you send to grandma when she bakes you cookies having a destination and return address.

Ethernet's use of MAC addresses was so effective, that wireless technologies that came out much later adopted the use of MAC addresses. Both Wi-Fi (IEEE 802.11) and Bluetooth (IEEE 802.15) use MAC addresses. Check out your smart phone's MAC addresses!
  • iPhone: Navigate to Settings > General > About, and scroll down to view your phone's MAC addresses.
  • Android: Navigate to Menu > Settings > About phone > Status, and scroll down to view your phone's MAC addresses.

Try this:

  1. Connect your laptop to an Ethernet network
  2. Open a Windows shell
  3. Enter in the command: C:>ipconfig /all
  4. Scroll the resulting output to the Ethernet adapter Local Area Connection: portion
  5. The value associated with Physical Address is the MAC address of your Ethernet adapter
  6. Is the manufacturer of your Ethernet adapter what you expect as reported by the MAC address database? (Wireshark)

The below diagram shows the output from ipconfig on a Windows system. We will talk about many of the other fields as we continue our networking discussion, but for now focus on the Physical Address information. What is the manufacturer of the Ethernet card in the below diagram?

Windows 7 ipconfig /all

In summary, the Ethernet protocol:

Data Link Layer Hardware

Now that we understand the basics of the Ethernet protocol, we will explore some of the networking hardware that Ethernet cables are plugged into. The Ethernet port on your computer and the wall are fairly straight forward Physical Layer connections or ports. The Ethernet port on your computer connects to a chip set on your computer's motherboard (recall the PC Dissection Lab). But what about the port on a wall? Where does that wire lead to?

The simplest networking hardware that is used in an Ethernet network is a hub (example pictured to the right). In the simplest case, an Ethernet network is formed by a number of hosts connected by cables to a hub. Any frame a host sends across the cable connected to the hub is retransmitted by the hub to the other cables connected to the hub. A hub itself does not have a MAC address, it merely listens for and retransmits frames. If hosts on the same network are connected by a hub, we have a reasonable picture of how things work. However, hubs are not often used these days for an obvious reason: it's extremely inefficient to have every host on the network receive a copy of every frame sent.

Consider this simple example. Imagine that Alice, Bob, Ciana, and Ralph are all connected via a hub. Alice and Bob start a conversation, Alice and Bob follow their communications protocol and take turns sending messages. While this is happening Ciana and Ralph start a conversation, but in doing so the frames of Ciana and Ralph's conversation start colliding with the frames of Alice and Bob's conversation, thus wrecking their conversation. Having too many hosts connected via a hub or a chain of hubs can quickly lead to many collisions. If there are too many collisions, then the entire network becomes unusable, so much so that Felix can't fix it. Hmm, what pillar is associated with being able to use a service? Right, availability. Is there another pillar that we might be concerned with when using a hub? What if Alice doesn't want Ralph to know that she is talking to Bob? Confidentiality starts to come into question if frames are broadcast out to all other hosts on the local network by a hub.

For those reasons hubs are rarely seen in wired networks anymore. Instead of a hub we use a switch (example pictured to the right). Even though a switch looks very similar to a hub, a switch is more capable (provides more services) than a hub. A switch is smarter than a hub, in that it only retransmits frames down the port (physical connection) the destination host is connected via, rather than retransmitting each frame to every network segment (port). That means that if Alice and Bob are on different network segments than Ciana and Ralph, then Alice and Bob's conversation will not interfere (collide) with Ciana and Ralph's conversation. Additionally, neither Ciana nor Ralph will see the frames of Alice and Bob's conversation, there by supporting confidentiality.

A switch "learns" the MAC address of each host connected to it by reading the source address in frames; i.e. a switch knows the Ethernet protocol. By reading the data in an Ethernet frame a switch learns what MAC address is plugged into what port (physical connection) of the switch. Each network segment is only forwarded traffic destined for hosts on that network segment, so a switch is much more efficient, and permits higher throughput than a hub. So compared to a hub, a switch better supports availability and confidentiality. A switch additionally performs the same set of signal and collision detection that a hub conducts .

One important thing to understand about a switch is that the individual ports of a switch and the switch itself do not have MAC addresses; i.e. a switch does not have any MAC addresses assigned to it, just like a hub does not. Since a switch doesn't have a MAC address, the switch itself cannot initiate (be a source) or be the target (destination) of communications. A switch only retransmits traffic between segments of a local network.

Address Resolution Protocol (ARP)

We will close out our discussion of the Data Link Layer by discussing the Address Resolution Protocol, or simply ARP. This is good, because ARP serves as a good transition up to the Network Layer, in fact that is the whole purpose of ARP. ARP translates back and forth between Data Link Layer addresses and Network Layer addresses. We will cover Network Layer addresses more in depth in the next topic. For now, you just need to know that an IP address (Internet address in the below diagram) is a Network Layer address that ARP translates between, and an Ethernet address is a Data Link Layer address that ARP translates between.

The Address Resolution Protocol is basically the phone book, or perhaps the contact list, for the local network. Typically once a host connected to a network completes the boot process (the operating system completes its start up sequence), and has an IP address, the host then sends an ARP announcement stating its own MAC address and IP address for other hosts on the local network. A single ARP announcement frame is sent to all of the hosts on the local network using the MAC address of FF:FF:FF:FF:FF:FF, the broadcast MAC address. What would the broadcast MAC address look like in binary? What is the binary equivalent of hexadecimal F? ... That's right, F in hex is 1111 in binary. So the broadcast MAC address would be 48 1's, or 11111111:11111111:11111111:11111111:11111111:11111111; now aren't you glad we have hex for shorthand. But you said before that we users like to use names not numbers, where are the names? Where are Alice and Bob? Good question, there is an Application Layer protocol called DNS that translates between names that users like and Network Layer addresses that computers like; we will cover DNS in greater detail later.

The hubs and switches of the local network will transmit frames destined for the broadcast MAC address to all of the network segments they are connected to. Thus ensuring all hosts on the local network have a chance to receive an ARP announcement. On the receiving end, a host receives an ARP announcement and stores the MAC address and Network Address of the source (sender) in a table on the host called the ARP table. The ARP table serves as the phonebook for hosts on the local network. It is important to point out that each host on a network builds and maintains their own ARP table. The arp shell utility displays, and controls the data in the host's ARP table. The below diagram shows the output from arp on a Windows system. What option was used in the below diagram? ... The -a option stands for "all", in the example all of the ARP table entries are listed. UNIX systems also have an arp command.

The arp diagram also shows IP addresses (Network Layer address). We will talk about IP addresses in the next discussion, Network Layer.
What hardware vendors can you identify from the arp diagram?

Windows 7 arp -a

When a host wants to talk to another host on the local network, the sender looks in the its own ARP table for the MAC address of the destination host, using the destination's IP address (Network Layer address). Continuing from the example above, Alice will look up Bob's MAC address in Alice's own ARP table using Bob's IP address. Alice populated her ARP table by listening to all of the ARP announcements that came across her segment of the local network. Once finding Bob's MAC address in her own ARP table, Alice will send a frame with Bob's MAC address as the destination address, and her MAC address as the source address.

Programming Applied

You might be wondering how does a host determine if it is the host being asked about in an ARP request. Well the answer is by using the fundamental programming concepts you learned about a few discussions back. Upon receiving an ARP request a host will check to see if it is the host being asked about by actually using an if statement. The below pseudo code is an example of what that code would look like.
if ( myInfo == arpRequestInfo ) {
  // Reply that's me

But what if a host is not listed in the ARP table; i.e. Bob's MAC address is not listed in Alice's ARP table. Well, ARP also has an ARP request message. If Host A needs to know the MAC address of Host B on the local network, but Host B is not in Host A's ARP Table, then Host A will send an ARP request frame to the broadcast MAC address asking for Host B's MAC address. All the hosts on the local network will receive the ARP request since the frame has the broadcast MAC address as the destination address. Upon receiving an ARP request a host will check to see if it is the host being asked about. If the host is the host being asked about, then it will send an ARP response back with it's MAC address. So Host B, upon receiving the ARP request from Host A, and determining that Host A needs Host B's MAC address, Host B will send an ARP response back to Host A with Host B's own MAC Address as the source MAC address, essentially telling Host A "Hi, I'm over here". Once Host A receives the ARP response from Host B, Host A then starts sending frames directly to Host B, and Alice and Bob are now talking across the local network.

Try this:

  1. Connect your laptop to a local network
  2. Open an Administrator Windows shell
  3. Enter in the command: C:>arp -a
  4. How many hosts are listed in your ARP table?
  5. Enter in the command: C:>arp -d *
  6. Enter in the command: C:>arp -a
  7. How many hosts are listed in your ARP table?

The -d option for arp stands for delete. Don't worry, as your computer receives more ARP announcements your local ARP table will be repopulated. And besides if you want to talk to someone before then, your computer will simply send out an ARP request, and wait for the ARP response to come back.

In summary, the Address Resolution Protocol:

++ [Top]

References [Top]

  1. Network Working Group. RFC 826 An Ethernet Address Resolution Protocol. Internet Engineering Task Force. Nov 1982.
  2. Network Working Group. RFC 903 A Reverse Address Resolution Protocol. Internet Engineering Task Force. Jun 1984.