Beginner here unable to understand why Switch is layer 2 - networking

According to the OSI model, data is encapsulated from layer 7 down to layer 1.
Since normally a setup would be
PC(layer7, 6, 5, 4) > switch(layer 2) > Router(layer 3) > Modem(layer 1)
it seems to me like either layer 2 header is being added before layer 3, or the router would send data backward to the switch to get the layer 2 header? Am I missing something or misunderstanding the interactions between the devices?
Thanks

It might be a little easier to understand if you think about the process of building an Ethernet Frame containing an IP Packet that is destined for something off the network:
Computer with IP 10.10.10.1 with a mask of 255.255.255.0 and a default gateway of 10.10.10.254. And let's say its MAC address (fake) is 12:34:56:78:90:12
Let's say the default gateway, 10.10.10.254, has a MAC (also fake) of 22:33:44:22:33:44
So, now the computer wants to send traffic to an IP 50.50.50.50. It knows from its IP address and mask that the IP is off network, so:
It sends out an ARP request for IP 10.10.10.254
It gets back a response with the mac 22:33:44:22:33:44
Now it builds an ethernet frame:
From MAC: 12:34:56:78:90:12
To MAC: 22:33:44:22:33:44 (this mac is local)
With an IP Packet encapsulated inside:
From IP: 10.10.10.1
To IP: 50.50.50.50 (this ip is remote)
So, the real packet isn't sent until it is built. The ARP process helps to get the entire packet built. If that destination IP had been local, the same process would have taken place, except it would ARP for the local IP's MAC Address and the To MAC would have been that response and the destination IP would be local (like 10.10.10.50).
All of the communications between devices really happen at layer 2, via the MAC addresses, or Broadcast MAC Address (like in the case of ARP). The IP packets are delivered via those Layer 2 frames.
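The frame described in this answer, built byte by byte, as an added example that is not part of the original post. It uses the answer's addresses; the 10.10.10.50 MAC, the payload and the `ARP_CACHE` dictionary (standing in for ARP replies already received) are constructed.

```python
import ipaddress
import struct

# Addresses from the answer above; the 10.10.10.50 entry is constructed.
HOST_IP, MASK, GATEWAY = "10.10.10.1", "255.255.255.0", "10.10.10.254"
HOST_MAC = "12:34:56:78:90:12"
ARP_CACHE = {  # stands in for ARP replies already received
    "10.10.10.254": "22:33:44:22:33:44",
    "10.10.10.50": "02:00:00:00:00:50",
}

def arp_target(dst_ip):
    """IP to resolve with ARP: the destination if on-link, else the gateway."""
    local_net = ipaddress.ip_network(f"{HOST_IP}/{MASK}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else GATEWAY

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def checksum(data):
    """Internet checksum: ones' complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_ip, payload=b"hello"):
    """Ethernet II header (dst MAC, src MAC, EtherType 0x0800) + IPv4."""
    dst_mac = ARP_CACHE[arp_target(dst_ip)]
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(payload), 0, 0, 64,
                     253,  # protocol number reserved for experimentation
                     0,    # checksum placeholder, filled in below
                     ipaddress.ip_address(HOST_IP).packed,
                     ipaddress.ip_address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return mac_bytes(dst_mac) + mac_bytes(HOST_MAC) + b"\x08\x00" + ip + payload

def describe(frame):
    """Parse the four addresses back out of the raw bytes."""
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"dst_mac": fmt(frame[0:6]), "src_mac": fmt(frame[6:12]),
            "src_ip": str(ipaddress.ip_address(frame[26:30])),
            "dst_ip": str(ipaddress.ip_address(frame[30:34]))}
```

For 50.50.50.50 the destination MAC is the gateway's while the destination IP stays remote; for 10.10.10.50 both the MAC and the IP belong to the local host.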

Related

how the network card's MAC address is used for communication between devices?

Could you guys help me with that question in the title? I didn't find much useful and objective on the internet to answer.
You need to understand the OSI Model. Following is the answer specific to your question:
Layer 2 Communication Process:
Machine A looks up Machine D's MAC address in its ARP table.
If the MAC address is found, then the packet is formed and sent to Switch A.
If the MAC address is not found, then an ARP Request is generated and the MAC address is obtained.
Switch A receives the packet and checks for the MAC address in its MAC Address Table.
If the MAC address is matched, it will forward the packet on the matched port number.
If the MAC address is not found, then the packet is broadcast to all ports, except the one on which it received the packet.
Machine D receives the packet from Switch A which was sent by Machine A.
When Machine D replies, the same process will be followed as switching is done.
Source: https://community.cisco.com/t5/networking-documents/overview-of-layer-2-switched-networks-and-communication/ta-p/3128423

Transferring data between two computers connected with a switch from a high level language

I'll start with stating that I know very little about networking and the whole OSI model.
My goal is to create a tiny network(for now my laptop and a raspberry Pi) using an unmanaged network switch. On higher layer transmissions(level 3+) I would simply set the destination IP address for a packet. From what I've read on Wikipedia a network switch operates at the data link layer which means it uses MAC addresses.
How does one send data to a device on a local area network when it's connecting with something that only supports MAC addresses. More importantly, how does one do it from a high level language like Java or C#?
TL;DR The OSI model is about abstraction, and programming languages use operating system calls to implement this abstraction. The Raspberry Pi is running a full OS and will send and receive network data addressed to its assigned IP address. You do not need to specify a MAC address.
You want to communicate with a Raspberry Pi from your laptop. To do this you first connect them to the dumb switch and assign both devices an IP address in the same subnet, on physical interfaces connected to the dumb switch. Let's say that your laptop's physical Ethernet connection is assigned 10.0.0.1/24 and the Raspberry Pi's physical Ethernet connection is assigned 10.0.0.2/24 (if you do not understand my notation, look at CIDR). IP addresses are Layer 3 constructs. Now your application will use an Operating System socket to create a TCP or UDP connection (see UDP java example here) with a layer 4 address (application port). Everything higher than Layer 4 is handled by your application.
Layer 2 and lower is handled by the OS. When your application tries to send data through the socket, the Operating System determines which physical interface to send data from by looking at the destination IP address. This lookup uses the OS Routing Table. Assuming you have a normal routing table, the OS will pick the interface that has an IP with the same subnet as the destination IP. So if you send data to 10.0.0.2, your OS will send data from 10.0.0.1 because it has the same subnet of 10.0.0. Now the OS has selected an interface, but it still does not know what Layer 2 MAC address to send the Layer 3 IP packet to. The main reason the OS does not know this is because IP addresses can change, but Layer 2 MAC addresses should not. Anyhow, the OS sends out an ARP request which tries to get the MAC address for an IP address. If the devices are connected properly, the OS gets a MAC address for the desired IP address and begins to send data to that MAC address. The switch (smart or dumb) makes sure the message gets to the desired MAC address. At the receiving end, the OS receives the packet and sends the data in the packet to sockets bound to the Layer 4 address (application port).
Side note: it is technically possible to send data to just a MAC address using RAW sockets but it is extremely technical.
Liam Kelly's answer provides great insight on abstraction of data sending. I will try to provide complementary information.
Network switch operation
While most switches operate at data level, there are some that can perform some operation at higher levels:
layer 3: Within the confines of the Ethernet physical layer, a layer-3 switch can perform some or all of the functions normally performed by a router.
layer 4: [...] capability for network address translation, but then adds some type of load distribution based on TCP sessions.
layer 7: [...] distribute the load based on uniform resource locators (URLs), or by using some installation-specific technique to recognize application-level transactions.
RAW sockets usage
As already specified, these require fairly advanced programming skills. They are also severely restricted in non-server versions of modern Windows Operating Systems (source) due to security concerns:
TCP data cannot be sent over raw sockets.
UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
Suggestion
If .NET is a viable option for you, I would take Pcap.Net for a spin, as it allows various operations at packet level using high level programming (including LINQ).

Source MAC address on Ethernet layer 2

My question is pretty basic, and my apologies for that. In a TCP/IP network, if you take a look at layer 2 (Ethernet), we have some fields like Source and Destination MAC address. If you think of your browser, it is totally understandable that you can type an IP, and then layer 3 (IP) will know the destination IP, then the frame is sent to layer 2. However, how does layer 2 know the destination MAC address? The source MAC address is stored in the network card and that is understandable, but at what part of the communication will the destination MAC address be known?
I will give you the basic of how the routing works. This will clarify your doubts:
1) Assume that we have a layer 3 IP packet which we want to send to some destination which has a DIP = y.
2) The route lookup in the routing table would give you the next hop and the outgoing interface through which the packet needs to go out.
3) Now we have the next hop. Still, we don't have the layer 2 encap information, which is the DMAC. Assume this is the first packet we are sending and we don't have the DMAC vs next hop IP mapping yet.
4) The system will generate an ARP Query which will be broadcast with a DMAC FF:FF:FF:FF:FF:FF within the subnet. This query asks who has the next hop IP. (Remember we got this from the route lookup.)
5) The router having the next hop IP would respond back to the src router (unicast reply), thus we would know the DMAC that needs to be put in the layer 2 header.
6) The L3 packet will now be encapsulated in a layer 2 header with the DMAC that is now known.
7) Remember the DIP won't change in the layer 3 header. This way the packet would traverse hop by hop. At each hop the layer 2 DMAC would change and not the DIP.
Remember that the MAC address identifies each router uniquely on a hop by hop basis.
Hope that clarifies your doubt.
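The seven steps above, traced across two routers, as an added example that is not part of the original answer. The topology is constructed: A and R1 reuse addresses that appear elsewhere on this page, R2, B and the 192.0.2.0/30 link are made up, each node has a single MAC instead of one per interface, and the `OWNER` table stands in for the ARP query and reply.

```python
import ipaddress

# Constructed topology. None as a next hop means "directly connected".
NODES = {
    "A":  {"mac": "12:34:56:78:90:12",
           "routes": {"10.10.10.0/24": None, "0.0.0.0/0": "10.10.10.254"}},
    "R1": {"mac": "22:33:44:22:33:44",
           "routes": {"10.10.10.0/24": None, "192.0.2.0/30": None,
                      "0.0.0.0/0": "192.0.2.2"}},
    "R2": {"mac": "02:00:00:00:00:02",
           "routes": {"50.50.50.0/24": None, "192.0.2.0/30": None,
                      "0.0.0.0/0": "192.0.2.1"}},
    "B":  {"mac": "02:00:00:00:00:0b",
           "routes": {"50.50.50.0/24": None, "0.0.0.0/0": "50.50.50.254"}},
}
# Which node answers ARP for which IP (stands in for steps 4 and 5).
OWNER = {"10.10.10.1": "A", "10.10.10.254": "R1", "192.0.2.1": "R1",
         "192.0.2.2": "R2", "50.50.50.254": "R2", "50.50.50.50": "B"}

def next_hop_ip(routes, dip):
    """Step 2: longest-prefix match. For a directly connected prefix the
    next hop is the destination itself."""
    dst = ipaddress.ip_address(dip)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dip}")
    return max(matches, key=lambda m: m[0].prefixlen)[1] or dip

def trace(src_node, sip, dip, max_hops=16):
    """Return one (smac, dmac, sip, dip) tuple per link the packet crosses."""
    frames, node = [], src_node
    while OWNER.get(dip) != node:
        if len(frames) == max_hops:
            raise RuntimeError("routing loop")
        nh_node = OWNER[next_hop_ip(NODES[node]["routes"], dip)]  # steps 3-5
        # Step 6: encapsulate with this hop's SMAC and the next hop's DMAC.
        frames.append((NODES[node]["mac"], NODES[nh_node]["mac"], sip, dip))
        node = nh_node  # step 7: new L2 header on the next link, same DIP
    return frames
```

`trace("A", "10.10.10.1", "50.50.50.50")` yields three frames whose MAC pairs differ on every link while the IP pair is identical in all of them.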
Your computer determines the destination MAC address of the next hop, typically on an Ethernet network by using ARP, an Ethernet broadcast protocol that allows you to ask which device is assigned a particular IP address.
The MAC address is resolved using layer-2 devices such as network switches. The ARP table is the tool to resolve IP to MAC.
# arp -an

How does the switch initially work

I want to ask a question about Ethernet switches. Let's consider a switch with 8 ports only, and I want to set up a local area network of 8 PCs. If I want each PC to communicate with the others, and I plug all the PCs into the switch and turn it on, how will the switch initially know the MAC address of each PC's network card? I think there must be a memory in the switch that informs the switch how to transmit the frames from PC x to the other PCs and PC y to the others and so on.
Can you please clarify this point?
It is very simple.
Because Ethernet frames have 48-bit address fields, it is obvious that the switch should know the MAC address of the destination PC.
For this, the switch uses the Address Resolution Protocol. It is used when a sender wants to send data to a receiver with a given IP address but does not know its MAC address.
In this, the table stored inside the switch is checked for the IP address. If one of the entries matches, then the switch forwards the frame to the port mentioned in the table. If it does not, it broadcasts a request message that asks every host "who has this IP?".
The host on the LAN will respond if the IP address given in the request message matches its IP address and will send a unicast reply to the switch informing it of its MAC address. Then the switch updates the table and sends the frame on the appropriate port.

How does a packet travel from one computer to another over the Internet based on OSI model

I am familiar with the basic OSI model but I always get confused how does a packet travel from one machine to another over the Internet and what OSI layers do come into picture? For example, for the following topology:
Machine A<----->Switch<---->Router<---->Router<---->Router<---->Switch<---->Machine B
where the multiple routers are shown to represent the Internet, what happens at the OSI layer level when Machine A sends a packet (say a simple "ls" command over FTP) to Machine B?
The above is just a suggested example, but if anyone can explain with any other network topology, that is fine too. All I am looking for is a very basic explanation of how the packet gets transformed at the different OSI layers at each node (Machine, Switch, Router, etc.).
Routers use the IP layer (layer 3) and switches use the data-link layer (layer 2). Layer 1 is the physical 1s and 0s that go over a wire, Layer 2 is the data-link layer, which is protocols like Ethernet and Point-To-Point Protocol (PPP), which carries information between adjacent nodes about MAC address from and to and allows for error detection and retransmission. Layer 3 is the IP layer, which carries information about where in the whole network the packet is from and to, not just the current hop.
The transmission would go like this:
Machine A wants to send a packet to Machine B. Machine A knows Machine B's IP address, so it places that in the layer 3 packet. Machine A needs to place the MAC Address of the next hop in the layer 2 packet, however. If it does not know, then it will send something called an ARP request (Address Resolution Protocol, read here: http://www.tildefrugal.net/tech/arp.php ) to the network, with the destination IP. One of a few things will happen here:
The IP is local. The machine with that IP will reply back to the sender with its MAC address.
The IP is non-local. The gateway router will detect this and send its MAC address.
The IP is non-local and Machine A's default gateway and subnet mask are set. Using this information Machine A can determine the non-locality of the IP address and send it to the router's MAC address (ARPing if not known yet).
(If Machine A found this out earlier, it will be in the ARP cache and Machine A will just use that.) Now that the MAC address is sent, the packet can be transferred (the physical layer 1 performing the actual transfer of data on the wire). The next stop will be the switch. The switch knows which outbound port the MAC address listed as the layer 2 destination is on, because it tracks every MAC address it's seen a packet come from and which port it came on - if it does not know, then it will flood it out every single port, guaranteeing it'll arrive.
As such, the packet arrives at the router. The cool thing about the IP model is that it divides every single IP address in the network/world into a hierarchy - Subnets by definition cannot overlap subnets partially, they either wholly contain them or are wholly contained by them. So as long as subnets follow this hierarchy, the router can unambiguously determine where each of the 4 billion possible IP addresses are on the network just by looking at what subnet the IP will fall under in its table! The packet is then sent out that port.
As the packet travels through interconnected ISPs' routers, backbone infrastructure and so on, it arrives at Machine B's router, where the opposite process happens - router B sees that it's destined for Machine B and sends it inbound. (Similarly, Router B will have to use a process like ARP to find Machine B's MAC address if not known.) The rest should be trivial from here.
good references:
https://web.archive.org/web/20120129120350/http://www.tildefrugal.net/tech/arp.php
http://en.wikipedia.org/wiki/Data_link_layer
http://en.wikipedia.org/wiki/Network_switch
http://en.wikipedia.org/wiki/Network_layer
http://en.wikipedia.org/wiki/Routing
http://en.wikipedia.org/wiki/Router_(computing)
http://en.wikipedia.org/wiki/Address_Resolution_Protocol
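The switch behaviour this answer describes (record the port each source MAC was seen on, forward to a known port, flood when the destination is unknown), which is also the table lookup in the "Layer 2 Communication Process" answer earlier on the page, as an added example that is not part of either post. The class name, port numbers and MAC addresses are constructed; Machine A and Machine D are the names used in that earlier answer.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Minimal model of a layer-2 switch: it only ever looks at MACs."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out."""
        # Learn: the sender is reachable through the port the frame came in.
        self.mac_table[src_mac.lower()] = in_port
        dst = dst_mac.lower()
        out_port = None if dst == BROADCAST else self.mac_table.get(dst)
        if out_port is None:
            # Broadcast or unknown unicast: flood to every port except the
            # one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination is on the same segment: nothing to do
        return [out_port]

def run_exchange():
    """Constructed exchange on a 4-port switch; returns egress port lists."""
    sw = LearningSwitch([1, 2, 3, 4])
    mac_a, mac_d = "02:00:00:00:00:0a", "02:00:00:00:00:0d"
    return [
        sw.receive(1, mac_a, BROADCAST),   # A's ARP request: flooded
        sw.receive(4, mac_d, mac_a),       # D's ARP reply: A already learned
        sw.receive(1, mac_a, mac_d),       # A's data frame: D now learned
        sw.receive(2, "02:00:00:00:00:0c", "02:00:00:00:00:0e"),  # unknown
    ]
```

The table starts empty and is filled only from the source addresses of frames the hosts send; the switch never looks at the IP header.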
The only thing that can travel over a copper wire are pulses of electricity.
The binary number 1 is represented by a pulse of electricity or no pulse of electricity for 0.
Just keep in mind that real data of any kind cannot be sent over copper wire, fibre optic, or through the air ...only a representation of the data which has previously been converted to a 1 or a 0 and then is reconverted back at the receiving end.
Network layer protocol supervises the transmission of packets from a source machine to a destination. Data is broken down into packets, or datagrams, up to 64 kb long before it is transmitted, with a stamp of destination IP address, and forwarded to the network gateway. A gateway can be a router to interconnect networks.
