Visibility of IP addresses in layer 2? - networking

Whether IP addresses will be visible to layer 2 (data link layer) devices. If not, then how come those layers use ARP protocols to convert IP address to MAC address without knowing IP address.
Thank You.

From thread here
ARP has always been a Layer 2 protocol. The reason: The highest layer addresses carried within ARP are Layer2 MAC addresses for typical ARP operation. The IP addresses in the ARP packets are protocol payload, no addressing information of the ARP packet itself.
ARP is a protocol that does not fit too well into the 7 layer OSI model or the ancient DoD layer model. These models were defined for end user applications like HTTP or FTP and they still define, how traffic is sent from application to application through a network stack (L3+L4) and a network interface (L2 + L1) down on the wire.
ARP is a service protocol that glues together layer 2 and layer 3 protocols. It solves the problem that you need to add a layer 2 (MAC) destination address over a shared media like Ethernet or Wireless LAN using IP packets. But ARP is a separate process with separate packets. You will find no ARP protocol information within an IP packet. This is the reason, why ARP is definitely not a layer 2.5 protocol.

Whether IP addresses will be visible to layer 2 (data link layer) devices.
Generally speaking, no. The Ethernet header has an ethertype field, which specifies the next header format after the current Ethernet header. There are a couple of values that are still at layer 2, like VLAN tags, spanning tree BPDUs, and similar. If the ethertype is anything else, a layer 2 device is not supposed to look into it. (And a device that does should not really be called a layer 2 device.)
On end-hosts, the ethertype will determine how the packet is processed after layer 2 processing is done. But this is no longer layer 2 processing.
If not, then how come those layers use ARP protocols to convert IP address to MAC address without knowing IP address.
I think you think of it backwards. ARP protocol is used by IP layer to find MAC address of a device with a given IP address on a local network. It is not used by layer 2 to map IPs.
For example, let's say your home network has two devices, your laptop which has IP 192.168.0.10 and your phone, which has IP 192.168.0.20. The network mask is /24. Now you want to send a packet from your laptop to your phone, for example ping 192.168.0.20.
First, an ICMP packet is created. Next, layer 3 determines where to send the packet. It has determined that the other host is connected to the same local network (based on first 24 bits of both addresses).
Next, this packet needs to be sent to the local network. However, the local network is layer 2, and layer 2 can only forward MAC addresses. Thus layer 3 signals layer 2 to do a "MAC address lookup" for the IP address. Approximately, your laptop will send a broadcast packet to all connected devices saying that it is looking for the MAC address of a device that has IP address 192.168.0.20. Since your phone currently has this address, it replies with its own MAC address. When the laptop receives the reply, it can send a frame with the destination MAC to your phone. Note: the laptop will usually also save an entry in its ARP cache.
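The point made in the answers above, that the Ethernet header carries only MAC addresses and an ethertype while the IP addresses of an ARP exchange sit in the ARP payload, shown as an added example (not code from the thread). The laptop and phone IPs are the ones used above; the MAC address is a constructed sample value.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Ethernet II frame carrying an ARP request ("who has target_ip?")."""
    # Layer 2 header: destination MAC, source MAC, ethertype. No IP address here.
    eth = mac_to_bytes(BROADCAST_MAC) + mac_to_bytes(sender_mac)
    eth += struct.pack("!H", ETHERTYPE_ARP)
    # ARP payload: htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, op=1.
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac_to_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += bytes(6) + socket.inet_aton(target_ip)  # target MAC is still unknown
    return eth + arp


def parse_frame(frame):
    """Return (layer2_fields, arp_fields); arp_fields is None for non-ARP frames."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layer2 = {"dst_mac": mac_to_str(dst), "src_mac": mac_to_str(src),
              "ethertype": ethertype}
    if ethertype != ETHERTYPE_ARP:
        return layer2, None  # a layer 2 device has no reason to look further
    if len(frame) < 14 + 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    arp = {"op": op,
           "sender_mac": mac_to_str(sha), "sender_ip": socket.inet_ntoa(spa),
           "target_mac": mac_to_str(tha), "target_ip": socket.inet_ntoa(tpa)}
    return layer2, arp


if __name__ == "__main__":
    # Constructed sample: laptop 192.168.0.10 asks for the MAC of 192.168.0.20.
    frame = build_arp_request("02:00:00:00:00:10", "192.168.0.10", "192.168.0.20")
    for part in parse_frame(frame):
        print(part)
```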

Related

Why my routing tables stores a mac address?

I am a student learning computer network.
Here's what my network looks like:
     Router(NAT)
      /      \
  My PC     My iPad
I have looked up my computer's routing table, and it shows the following:
$ netstat -r
Routing tables
Internet:
Destination        Gateway            Flags        Netif Expire
default            172.22.128.1       UGScg        en0
127.0.0.1          127.0.0.1          UH           lo0
172.22.128.1       0:74:9c:96:72:55   UHLWIir      en0   1200
172.22.161.13      ba:2e:b1:6f:69:39  UHLWI        en0   740
I confirmed that the ip 172.22.161.13's gateway ba:2e:b1:6f:69:39 is the MAC address of my iPad.
I have a few doubts:
Shouldn't the routing table record the IP address of the next hop? How can it store a MAC address?
If the command netstat -r also looks up the ARP table, how should it send packets to my iPad without going through the router?
The issue here is understanding the functionality of layer 2 and layer 3 in a network.
There is a difference between forwarding packets to the device located on the same subnet and on the device located on the different subnet.
I don't think there is a better definition of subnet, than devices that can communicate via a layer 2 protocol with each other. Routers are used to forward packets between devices in different subnets, that is, two devices in the same subnet do not communicate over the router, at least not over the "router" part of the router.
Devices that are located in the same subnet should be assigned the same IP prefix (i.e., the bits covered by the network mask are the same). "Should" means that if it is not the case, then your network is configured wrong and may not work properly. This way your PC and your iPad can determine that they are on the same subnet and do not need to go over their default gateway.
Since your PC and your iPad are on the same subnet, they will talk to each other using layer 2. I am not sure from your configuration how many interfaces are actually wireless. If both interfaces are wireless, they may actually be capable of talking directly (I am not sure if the wifi protocol in AP mode allows it, I think it does). If your PC is connected over Ethernet, then your router also acts as a switch/bridge (which is a layer 2 device) and forwards packets according to the Ethernet specification. You can learn about it by googling MAC learning.
This should answer the second question, now to the first one.
Actually, I wonder why the table is storing IP addresses. The IP address of the next hop is not used in forwarding. First, note that communication between devices which are two hops from a layer 3 (i.e., routers) standpoint happens using layer 2. When a device makes a routing decision, it takes the destination address from the IP header and looks up the next hop, where what the device needs is a) the outgoing interface and b) how to reach the next hop using the layer 2 protocol of the interface. Then the device constructs an appropriate layer 2 header and sends the packet to the next hop device, which more or less does the same. So, actually your PC needs the MAC address of your router's interface to which it is connected to send the packet somewhere outside of the subnet.

Does the link layer in the TCP/IP stack derive the MAC address of the NICs that are to receive data packets based on the destination's IP address?

I am trying to understand the functioning of the different layers in the TCP/IP stack, and I just wanted some clarification on how the link layer derives the MAC address of NICs to receive packets.
This isn't a function of TCP/IP, per se. Instead, the ARP (Address Resolution Protocol) is used in IPv4 to translate the destination IP address to the correct MAC address.
This is accomplished by the stack by first determining if the delivery is local (within the subnet) by comparing the destination to the configured network mask. If it is local, ARP will be used to generate broadcast frames at the link layer, attempting to resolve the known IP address to the known MAC address.
On the other hand, if the destination IP address is determined not to be on the local subnet, the ARP protocol will be used to send a broadcast ARP at the link layer to discover the MAC address of the router that should be used based on the configured routing table.
Using IPv6, ARP is eliminated and replaced with multicast (more specifically, solicited node multicast) using the Neighbor Discovery Protocol over ICMP6.

How does ARP reads destination IP address as its Layer 2 protocol

By searching on the internet I got information that Address Resolution Protocol (ARP) is a Link Layer (L2) protocol. As per ARP functionality, it broadcasts to the entire network to check to whom this specific IP belongs, to get its MAC address. But as ARP is an L2 protocol, how does it know the destination IP address, as IPs are encapsulated in L3 and an L2 protocol can't read it?
Layer 3 and above are located in the "Payload" part of an ethernet header.
As you can see here the ARP packet also contains IP addresses from its sender and receiver:
An ARP packet contains the source HW address and source IP address as well as the destination HW address and destination IP address.
When ARP resolution happens, meaning when ARP sends a request and gets a response from the same destination, ARP updates the destination IP in arp_entry.
I would like to elaborate on the previous questions.
First, this is a case where you can't really apply the model. ARP is sometimes layer 2 and sometimes layer 3 (the similar functionality in IPv6 is done with the neighbor discovery protocol, which is carried in ICMP packets).
ARP packets do not carry IP payload. They only carry ARP packets. See the other answers for the format.
ARP is executed by two end-hosts, which both have to implement both layer 2 and layer 3
ARP is initiated by layer 3, when layer 3 tries to send packet to an IP address on the local network.
ARP is processed by a host, which implements both layer 2 and layer 3. A host without layer 3 cannot have an IP address.
Intermediate layer 2 systems generally cannot process ARP requests, past forwarding Ethernet packets with a broadcast destination MAC.

How are MAC addresses used in routing packets?

I recently found that packets are encapsulated within ethernet frames. Packets use IP addresses, frames use MAC addresses.
Why aren't IP addresses used in ethernet frames for routing? I understand that when trying to access a basic website, the computer goes to a DNS to find the IP address relevant to the user-entered domain name. How do computers find the correct MAC address?
Really, how are MAC addresses used in routing internet traffic?
Thanks
IP packets aren't always encapsulated in Ethernet frames. There are other physical media such as ISDN, etc. When packets are routed, IP addresses are used to determine the next hop and the physical address is used to physically identify the interface serving as the next hop. Only the former (determining next-hop) is usually called routing.
To answer your second part, MAC addresses are discovered through ARP (Address Resolution Protocol) in IPv4 & ND6 (Neighbor Discovery) in IPv6.
Update:
The destination IP address in the IP header is the final destination. In the process of routing (at each hop), you get the next hop's IP address to (eventually) reach the final destination from the routing table (this could be a default gateway's IP address). To send the packet to the next hop, you need its MAC address. While hopping through intermediate links, the IP addresses in the IP header don't change - only the MAC addresses change.
Bit late but still here is my answer :) ...
To send data you need two addresses, the MAC address and the IP address.
Basically the sending host will ARP for a MAC address. This occurs when the local host doesn't know the MAC address of the host it has an IP address for, or it will ARP for the default gateway MAC address (if it doesn't already know it) if the IP address is on a different subnet/network. Once it obtains a MAC address, the IP packet is encapsulated in an L2 frame and sent across the media. If the IP packet is meant for a host on a different subnet/network, it will be sent to the default gateway. This router will de-encapsulate the L2 frame (remove and discard it), check the IP address and forward it. For the router to do this it needs a MAC address to send it over the media. It will look up the next hop in its routing table and encapsulate the IP packet, with the same source and destination IP address that was sent from the original host, into a new L2 frame. This time the MAC address for the source address will be that of the forwarding interface of the router, and the receiving interface of the next hop will be the destination MAC address. This will continue from hop to hop until it reaches the final host. Each time the MAC addresses will change, but the original IP address will remain the same.
Here's the key point -- there can be more types of packets than INTERNET traffic. You could be using IPX, which is non-routable. How do clients identify each other? By the MAC address.
Routing != Addressing, which is really where the MAC comes into play.
In order to be routed, the OSI model adds a layer to allow for path discovery to the next gateway. This layer is responsible for routing, but knows nothing about the MAC address.
As a side note, at the hardware level, MAC addresses ARE used by switches, but not for routing. From How Stuff Works:
The switch gets the first packet of data from Node A. It reads the MAC
address and saves it to the lookup table for Segment A. The switch now
knows where to find Node A anytime a packet is addressed to it. This
process is called learning.
In this way, a switch can make sure that traffic is only outputted to the correct port. This isn't accomplishing routing so much as reducing network congestion. Only broadcasts and traffic destined specifically for that MAC address should be sent out the port.
Recently I have been thinking about the same and came upon this question. Here is my answer to this question. Actually, the MAC address is needed for correctly sending the packet to the right destination. This is especially true when the packet needs to be sent over a VLAN. There can be multiple switches/routes connected on that VLAN over multiple physical interfaces. However, IP routing is unaware of these physical interfaces. It only knows about the logical connectivity. For example, route 10.10.10.0/24 is reachable via VE/VIF0.10 (logical VLAN interface) and/or the next-hop neighbor is 20.20.20.1. There could be multiple interfaces under VLAN 10. Then to which interface is the packet sent out? This is where ARP comes into the picture. ARP helps to discover the MAC address associated with the next-hop IP address. When the switch/router learns the next-hop MAC, along with that it also learns the physical interface via which that MAC is reachable. Hence, while routing a packet, first the MAC corresponding to the destination IP is searched and then the physical interface associated with that MAC is searched. Finally the packet is sent out via that physical interface. The MAC corresponding to that destination IP is used as the destination MAC. In the absence of this, routed packets will always be flooded in the outgoing VLAN.
Hope this helps.
Thanks.
Answer: MAC addresses are not used in the process of routing of a packet.
segment -> transport layer (TCP ports)
packets -> network layer (IP addresses)
frame -> data link layer (MAC addresses)
bits -> physical layer (electric/optical signals)
To create your own packet/segment, visit http://wirefloss.com/wireit/
There are 2 models (TCP/IP and ISO/OSI)
In detail:
Your app has some data. This is encapsulated by the mentioned layers. Encapsulation means that a header with fields is added at each layer. If your data never leaves the local network, the MAC address will be the same. Once your data needs to be delivered outside your network, the frame header is stripped by the router and is replaced by the router's fields.
UPDATE 2021: Some people seem to have never heard of the ISO OSI model and put this answer as incorrect.
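The forwarding behaviour described in the answers above (local delivery versus default gateway, then a new layer 2 header at every hop while the IP header keeps its addresses), as an added example that is not part of the original answers. The topology, node names and all addresses are constructed sample values, and the NEIGHBORS table stands in for completed ARP exchanges.

```python
import ipaddress

# Constructed topology: two subnets joined by one router.
# Each route is (prefix, gateway or None for on-link, outgoing interface).
NODES = {
    "laptop": {"ifaces": {"en0": ("02:00:00:00:00:10", "192.168.0.10")},
               "routes": [("192.168.0.0/24", None, "en0"),
                          ("0.0.0.0/0", "192.168.0.1", "en0")]},
    "phone":  {"ifaces": {"wl0": ("02:00:00:00:00:20", "192.168.0.20")},
               "routes": [("192.168.0.0/24", None, "wl0"),
                          ("0.0.0.0/0", "192.168.0.1", "wl0")]},
    "router": {"ifaces": {"lan": ("02:00:00:00:00:01", "192.168.0.1"),
                          "wan": ("02:00:00:00:01:01", "10.0.0.1")},
               "routes": [("192.168.0.0/24", None, "lan"),
                          ("10.0.0.0/24", None, "wan")]},
    "server": {"ifaces": {"eth0": ("02:00:00:00:01:50", "10.0.0.50")},
               "routes": [("10.0.0.0/24", None, "eth0"),
                          ("0.0.0.0/0", "10.0.0.1", "eth0")]},
}
# Stand-in for ARP: IP -> (MAC, owning node), as learned from ARP replies.
NEIGHBORS = {ip: (mac, name)
             for name, node in NODES.items()
             for mac, ip in node["ifaces"].values()}


def next_hop(routes, dst_ip):
    """Longest-prefix match; returns (interface, IP address to resolve via ARP)."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst_ip}")
    _, gateway, iface = best
    # On-link: ARP for the destination itself. Otherwise: ARP for the gateway.
    return iface, (str(dst) if gateway is None else gateway)


def trace(src_node, dst_ip, max_hops=8):
    """Frames sent on each hop as (src_mac, dst_mac, src_ip, dst_ip)."""
    src_ip = next(iter(NODES[src_node]["ifaces"].values()))[1]
    node, frames = src_node, []
    while dst_ip not in [ip for _, ip in NODES[node]["ifaces"].values()]:
        if len(frames) >= max_hops:
            raise RuntimeError("hop limit exceeded")
        iface, resolve_ip = next_hop(NODES[node]["routes"], dst_ip)
        if resolve_ip not in NEIGHBORS:
            raise LookupError(f"no ARP answer for {resolve_ip}")
        dst_mac, owner = NEIGHBORS[resolve_ip]
        src_mac = NODES[node]["ifaces"][iface][0]
        frames.append((src_mac, dst_mac, src_ip, dst_ip))  # IP pair never changes
        node = owner
    return frames
```

`trace("laptop", "10.0.0.50")` returns two frames with different MAC pairs and the same IP pair, while `trace("laptop", "192.168.0.20")` returns a single frame addressed straight to the phone's MAC.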

hop to hop communication

If we are in the same network, then hop to hop communication takes place by layer-2 devices such as switches, bridges, etc. that work at the MAC layer.
But if we have to send packets to a destination in some other network then hop to hop communication takes place through routers.
Is this correct?
Your statements are conceptually correct, though the details are not quite right.
A layer 3 protocol like IP can route a packet from its source to its destination across the entire Internet, but a layer 2 protocol like ethernet can only route packets for a single hop. When a device transmits a packet on a TCP/IP network, it must know the ethernet (layer 2) address of the next hop and the IP (layer 3) address of the packet's final destination.
Let's look at the two cases you describe, using a scenario where a user on Device A knows the IP address of Device B and wants to send it a packet.
Devices on the same (unswitched) subnet
The user on Device A issues the command ping 10.1.1.23.
Device A broadcasts an ARP (layer 2) request, asking which device on its network can route a packet to IP address 10.1.1.23.
Device B recognizes the IP address as its own and answers the request by returning a packet with its IP and ethernet addresses as the source, and Device A's IP and ethernet addresses as the destination.
Now Device A has everything it needs to communicate with Device B. Every packet it transmits to Device B will have the proper ethernet and IP addresses as the destination.
Devices on the same (switched) subnet
The user on Device A issues the command ping 10.1.1.23.
Device A broadcasts an ARP (layer 2) request, asking which device on its network can route a packet to IP address 10.1.1.23.
A switch receives the packet on one of its ports and retransmits the same packet on whichever port is connected to Device B. This is the only significant difference between switched and unswitched subnets.
Device B recognizes the IP address as its own and answers the request by returning a packet with its IP and ethernet addresses as the source, and Device A's IP and ethernet addresses as the destination.
Now Device A has everything it needs to communicate with Device B. Every packet it transmits to Device B will have the proper ethernet and IP addresses as the destination.
Devices on different subnets
The user on Device A issues the command ping 8.8.8.8.
Device A broadcasts an ARP (layer 2) request, asking which device on its network can route a packet to IP address 8.8.8.8.
The address 8.8.8.8 is on a different network, so no local device recognizes the address as its own. However, a router sees the packet, checks its routing tables, and sees that it knows how to forward packets to the 8.8.8.x network. So the router replies by returning a packet that has its own ethernet address as the source.
Now Device A can communicate with Device B by sending packets that have a destination IP address of 8.8.8.8, but the router's ethernet address as their destination.
The router receives the packets because they are destined for its ethernet (layer 2) address, but it notices that their destination IP (layer 3) addresses are different from its own, and so it forwards them to whatever address is stored in its routing table.
Yes, you are correct. To access other networks (networks on a different subnet) a client will route the traffic to its default gateway, which will encapsulate the traffic and route appropriately. For communicating on the same network only a layer 2 switch is required.
