Pat Shuff's Blog

  • Iaas
    August 9, 2016

link layers 2 and 3

We are going through the OSI 7 layer stack and looking at the different layers. Yesterday we stared the discussion by looking at Kevin Fall and Richard Steven's book TCP/IP Illustrated Volume 1. In this book they describe the different layers and look at the how, what, and why of the design. Today we will focus on layers 2 and 3 the link layer and network layer.

Alternate sources of information about these layers can be found at

Layer 2 is basically a way of communicating between two neighbors. How many milliseconds a bit of data is kept on the wire, physical addressing, and aggregation of data packets are defined here. If you have ever wondered what a MAC Address is, this is where it is defined. Vendors are given a sequence of bits that indicate the address of a device that they create. Note that this is not your ip address but a physical sequence of bits as defined by the Institute of Electrical and Electronic Engineers (IEEE) 802 definition. The data packet consists of six octets of data with the first three octets identifying a corporation or manufacturer and the second three octets representing a unique sequence number of a device that the vendor manufactured. An example of this would be the MAC address on my MacBook Pro, 00:26:b0:da:c8:10. Apple is assigned 00:26:b0 as the identifier for their products. My specific laptop gets the identifier da:c8:10. When a data packet is placed on the internet through a hard wired cable or wifi it is placed there with the unique MAC Address of my laptop. When data was generated and consumed by physical hardware these addresses meant something. With virtualization and containers the MAC Address has become somewhat meaningless because these values are synthetic. You really can't determine if something came from an Apple product because we can map the above MAC address to a virtual machine by defining it as a parameter. It is best practice not to use the same MAC address is a physical network because all of the computers with that address will pick up the packet off the wire and decode it.

Layer 3 is the communication protocol that is used to create and define packets. With Apple for example, they defined a protocol called Appletalk so that you could talk between Apple computers and devices. This protocol did not really take off. Digital Computers did something similar with VAX/VMS and DecNET. This allowed their computers to talk to each other very efficiently and consume a network without regard for other computers on the network. Over the years the IP protocol has dominated. The protocol is currently in transition from IPv4 to IPv6 because the number of devices attached to the internet have exceeded the available addresses with the protocol. The IPv4 protocol consists of a dotted-quad or dotted-decimal notation with four fields that denote networks. For example, is a valid ip address. All of the four fields can range from 0 to 255 with some of the values reserved. For example, is not considered to be a valid address and neither is because they are reserved for special functions. IPv6 uses a similar notation but addresses are denoted as eight blocks of 16 bit values. An example of this would be 5f05:2000:80ad:5800:58:800:2023:1d71. Note that this give us 128 bits rather than 32 bits to represent an address. IPv4 has 4,294,967,296 possible addresses in its address space, and IPv6 has 340,282,366,920,938,463,463,374,607,431,768,211,456.

With IPv4 addressing there is something called classes of networks. A class A network consists of a leading zero followed by seven bits to define a network and 24 bits to define a specific host. This is typically not used when talking about cloud services. A class B network consists of a leading 1 and 0 followed by 14 bits to define a network and 16 bits to define a host. Data centers typically use something like this because they could have thousands of servers in a data center. A class C network consists of a leading 110 followed by 21 bits to define the network and 8 bits to define a host. This allows 256 computers to be on one network which could be a department or office building. A class D network starts with 1110 and is considered to be a multicast broadcast. If something is written with this sequence, the packets are written to all hosts on the network. All hosts should but are not mandated to pick up this packet and look at the data element. A class E network starts with 1111 and is considered to be reserved and not to be used. The image from Chapter 2 of TCP/IP Illustrated Volume I shows the above visually.

This comes into play when someone talks about netmasks. If you are talking about a it means that you are ignoring the leading 16 bits and looking at the remaining 16 bits to use for routing. You might also see which means that you use the last 24 bits to route the data. If you set your netmask to be it means that you are using a class B network with the first 16 bits defining the corporate network, the next 8 bits defining the subnet in the company, and the last 8 bits to define the specific host. This means that you can have 255 subnets in the company and 255 computers on each network. A netmask of suggests that you are not going to route outside of your subnet if the first three octets are the same. What this means is that a router either passes the packets through or does not pass the data through based on the netmask and ip address of the destination.

You might hear the term CIDR (Classless inter-domain routing). This term refers to how to get to and from a host if there are multiple ways of traversing the network. We will not get into this but netmasks are good ways of limiting routing tables and spanning trees across networks. This is typically a phrase that you need to know about if you are looking at limiting communication and flow of addresses across a data center.

Earlier we talked about reserved networks and subnets. Some of the network definitions for IPv4 are defined as private and non-routable networks. A list of these addresses include

  • Hosts on the local network. May be used only as a source IP address.
  • Address for private networks (intranets). Such addresses never appear on the public Internet.
  • Internet host loopback addresses (same computer). Typically only is used.
  • “Link-local” addresses—used only on a single link and generally assigned automatically.

    Address for private networks (intranets). Such addresses never appear on the public Internet.
  • Address for private networks (intranets). Such addresses never appear on the public Internet.
  • IPv4 multicast addresses (formerly class D); used only as destination addresses.
  • Reserved space (formerly class E), except
  • Local network (limited) broadcast address.

Multicast addressing is supported by IPv4 and IPv6. An IP multicast address (also called group or group address) identifies a group of host interfaces, rather than a single one. Most cloud vendors don't allow for multicast and restrict use of communications to unicast from one server to another.

Some of the additional terms that come up are network address translation (NAT), border gateway router (BGP), and firewalls come up around networking discussions. We will defer these conversations to higher layer protocols because they involve more than just the ip address. BGP can be a simple definition that just drops ip addresses and does not pass them outside the corporate network independent of the netmask that the source host uses. If, for example, we want to stop someone from connecting to an ip address outside of our network and force it to go through a firewall or packet filter device a BGP can redirect all traffic through these devices or drop the packets.

In summary, we skimmed over routing. This is a complex subject. We mainly talked about layers 2 and 3 to introduce the terms MAC address, IP address, IPv4, and IPv6. We touched on CIDR and routing tables as well as reserved addresses and BGP and NAT. This is not a complete discussion on these subjects but an introduction of terms. Most cloud vendors do not support multicast or anycast broadcasts inside or outside of their cloud services. Most cloud vendors support IPv4 and IPv6 as well as subnet masking and multiple networks for servers and services. It is important to understand what a router is, how to configure a routing table, and the dangers of creating routing loops. We did not touch on hop count and hop cost because for most cloud implementations the topology is simple and servers inside a cloud implementation is rarely a hop or two away unless you are trying to create a highly available service in another data center, zone, or region. Up next, the data layer and the IP datagram.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.