Wednesday, February 11, 2009

Layer 2 networking - Simplified - First in series

Layer two is the layer of the network that lies above the physical cables, but below Internet Protocols and other session based protocols. Understanding layer two helps with diagnosing problems that might occur between your PC and the router that takes your communications off of your local network and into the greater intranet or the Internet.

In this first installment I'm going to cover some basic terms and describe the basic equipment. In the second installment we'll go over an example network and hopefully tie together how the things work. If I get to a third segment I should be able to step up to the next level of our network model and tie some networks together.

The real purpose of this article isn't to educate you - it's to cement these ideas in my mind in a way that is accessible to people I talk to on a daily basis. If you find this useful you're welcome to copy it in any way you like. I hereby dedicate it to the public domain.

Terminology
Technology
The addressing scheme
Reliably unreliable
The packet
Your network card
The Hub, extender and bridge
The switch
VLANs
QOS
Trunking
Routers and other gateways


Terminology
Layer 2 refers to the second layer of the 7 layer OSI networking model. Although there are other models that describe network architecture, the OSI model is the accepted standard for most people. Layer two is the level that defines a "network". Below this level are devices and media; above it are internets and intranets. The subject of this article is the network. For completeness we'll cover virtual networks and touch on routing between virtual networks, because these are issues that are dealt with at this OSI level.

IEEE 802.3 is the name of the working group that invented Ethernet and documented these standards, which are still in use today, though most of the technologies were first invented by Robert Metcalfe.

IEEE 802.11 is the name of the working group that adopts standards for wireless Ethernet.

There are other ways to do networking than Ethernet. They're all odd and/or dead, so I won't cover them here.

An octet is 8 bits. Technically the term byte means the word size that the information processing system can handle, but let's not be pedantic. For the purpose of this article a byte is an octet is 8 bits, and is represented by eight binary digits, two hexadecimal digits or a value from 0-255.

Packets, datagrams and frames are not quite the same things. Despite this, the terms will be used interchangeably here to refer both to the information being passed (data) and to the control information that describes it and how to get it where it's going (header). The purpose of this is to make the information more accessible. If you can't deal with this please cite somebody else. Communication is not well served by excess precision.

Technology
We'll be discussing wired Ethernet over copper. For most of the material wireless networking is similar, but hopefully I'll find time to write them up in detail another time. For now the problem is big enough so I'll stick with wired networks using Cat 5e or better media. Fiber is an important part of modern networking, but fiber networking at layer two is similar enough that I can probably avoid discussing the differences. There are other ways to do networking, but either they're of historical interest or special purpose use only.

The network under discussion here will be only a single Local Area Network and the discussion will end at the first router we come to. Once a router re-addresses your data, it's no longer on the same network and passes beyond this topic. The only exception is when we get to VLANs, for which a cursory discussion of routing is necessary, since VLANs are common parts of modern networks and appropriate for discussion at layer 2.

The addressing scheme

For layer two ethernet we have a special sublayer, the Media Access Control or MAC layer, that deals with addressing. The rules are pretty simple. A MAC address uniquely identifies a particular access device that will receive packets. A MAC address is typically 6 bytes, or 48 bits. MAC addresses are usually written as pairs of hexadecimal digits, called out in the order of transmission, such as 01-02-03-0a-0b-0c or 01:02:03:0a:0b:0c. In both of these cases the first half is referred to as the organizationally unique identifier (OUI) and the second half is the network interface controller (NIC) specific ID. The original purpose for this was to allow specific network controller vendors to identify their products in the MAC address and still leave a way for each NIC on a LAN to have a unique ID. Since this is 30 years later, you can probably anticipate that we've run out of numbers: individual vendors have multiple OUIs, and MACs are no longer deliberately unique. That's OK, though, because these days the MAC address is a configurable part of the NIC, so if you have two with the same number (an address collision) you can fix it.

Reliably unreliable

It's counter-intuitive, but it works. On the ethernet at layer 2, the system is deliberately unreliable. There is no error detection or correction mechanism. The ethernet delivers packets on a "best effort" basis. Unexpected packets received on a port are ignored. Packets to unknown hosts are just discarded. At Layer 4 we get systems that handle detecting if communication was successful, but the equipment at layer 2 literally doesn't care. Reliable methods have been tried, but failed to keep up with the speed of Ethernet and were ultimately discarded or pushed into specialized applications.

The packet

The packet consists of a header and your data. If you have no interest in programming or network analysis you can safely skip the rest of this part. The header begins with a preamble that identifies the packet as an ethernet frame. It's 7 bytes, each with the value 10101010. This is the signal that lets the receiver know there's data coming down the wire. It's followed by the start of frame indicator, which is a single byte with the value 10101011. Then comes the MAC destination address, then the MAC source address. The next field is rather tricky.

An optional field, the 802.1Q field, goes here. If present, the first two bytes are 0x8100, because this value is an invalid value for other packet formats. This is called the Tag Protocol Identifier (TPID). If this value is present then an additional field called the Tag Protocol Identifier (TPI) of two bytes will follow. The TPI identifies VLAN and QOS, and will be described later.

Next comes the Ethertype field. This is two bytes. For 802.3 ethernet this is the length of the packet and valid values are between 64 and 1522 bytes.

Next comes the data, which can be between 46 and 1500 bytes.

Last comes a 4 byte field, which represents the result of performing an error detection algorithm called CRC-32 on the rest of the packet. The sender computes this value when sending the packet and adds it to the end. When the receiver performs the calculation on the received packet it's exceedingly unlikely that the computation will result in the CRC data unless the packet was transmitted correctly.

And that's all. If a packet is less than 64 bytes, which isn't allowed given the required data above, it's called a runt and discarded.
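The following is an added example, not code from the original post: it builds and parses frames in the layout just described (destination MAC, source MAC, optional 802.1Q tag, type/length, 46..1500 bytes of data, 4-byte CRC-32 FCS) and also splits a written MAC address into the OUI and NIC-specific halves from the addressing section. The preamble and start-of-frame byte are not modelled because a NIC strips them before software sees the frame. The two bytes after the 0x8100 TPID, which the post calls the TPI, are split here the way the 802.1Q standard lays them out (3-bit priority, 1 reserved bit, 12-bit VLAN ID, standard name Tag Control Information); the type/length field is treated as a length when it is 1500 or less and as an EtherType otherwise, which is the 802.3 rule. The byte ordering of the FCS and the sample addresses are assumptions of the example.

```python
import binascii
import struct

TPID_8021Q = 0x8100          # tag protocol identifier that marks an 802.1Q tag
MIN_FRAME = 64               # anything shorter, FCS included, is a runt
MAX_DATA = 1500
MIN_DATA = 46


def mac_to_bytes(text):
    """'01-02-03-0a-0b-0c' or '01:02:03:0a:0b:0c' -> six raw bytes."""
    parts = text.replace('-', ':').split(':')
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {text}")
    return bytes(int(p, 16) for p in parts)


def mac_to_str(raw):
    """Six raw bytes -> 'xx:xx:xx:xx:xx:xx', in transmission order."""
    return ':'.join(f'{b:02x}' for b in raw)


def split_mac(text):
    """Split a MAC into its OUI (vendor) half and NIC-specific half."""
    raw = mac_to_bytes(text)
    return mac_to_str(raw[:3]), mac_to_str(raw[3:])


def build_frame(dst, src, data, ethertype=0x0800, vlan=None, pcp=0):
    """Build a frame from the fields after the preamble/SFD. vlan=None -> untagged."""
    if len(data) > MAX_DATA:
        raise ValueError("data exceeds 1500 bytes")
    data = data.ljust(MIN_DATA, b'\x00')            # pad short data up to 46 bytes
    body = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan is not None:
        if not 1 <= vlan <= 4094:                   # VIDs 0 and 4095 are reserved
            raise ValueError("VLAN ID must be 1..4094")
        tci = ((pcp & 0x7) << 13) | (vlan & 0xFFF)  # 3-bit priority, DEI=0, 12-bit VID
        body += struct.pack('!HH', TPID_8021Q, tci)
    body += struct.pack('!H', ethertype) + data
    fcs = binascii.crc32(body) & 0xFFFFFFFF         # CRC-32 over everything after the SFD
    return body + struct.pack('<I', fcs)            # assumption: FCS low byte first, as in captures


def parse_frame(frame):
    """Check length and FCS as a receiver would, then pull the header fields out."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame: {len(frame)} bytes, discarded")
    body, fcs = frame[:-4], struct.unpack('<I', frame[-4:])[0]
    if binascii.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame damaged in transit, discarded")
    info = {'dst': mac_to_str(body[0:6]), 'src': mac_to_str(body[6:12]),
            'vlan': None, 'pcp': None}
    offset = 12
    if struct.unpack('!H', body[12:14])[0] == TPID_8021Q:
        tci = struct.unpack('!H', body[14:16])[0]
        info['pcp'], info['vlan'] = tci >> 13, tci & 0xFFF
        offset = 16
    type_or_len = struct.unpack('!H', body[offset:offset + 2])[0]
    data = body[offset + 2:]
    if type_or_len <= MAX_DATA:                     # 802.3 style: a length, the rest is padding
        info['kind'], info['data'] = 'length', data[:type_or_len]
    else:                                           # Ethernet II style: an EtherType
        info['kind'], info['data'] = 'ethertype', data
    info['type_or_len'] = type_or_len
    return info


if __name__ == '__main__':
    # Constructed sample addresses; the VLAN and priority values are the ones used later in the post.
    frame = build_frame('01:02:03:0a:0b:0c', 'aa:bb:cc:dd:ee:ff', b'hello', vlan=90, pcp=2)
    print(len(frame), 'bytes on the wire:', parse_frame(frame))
    print('OUI / NIC halves:', split_mac('01-02-03-0a-0b-0c'))
```

Flipping any single byte of a built frame makes `parse_frame` raise the FCS error, and handing it fewer than 64 bytes triggers the runt check, which is the "best effort" behaviour the previous section describes: damaged or undersized frames are silently dropped, and nothing at this layer asks for a retransmission.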

Your network card

I'm writing this in February of 2009. Current technology is gigabit ethernet, which is probably also the capacity of whatever you plug it into. Your network interface controller (NIC) allows your computer to connect to the physical cable and communicate with the network. If you have a laptop it almost certainly has a network port you can connect to the network. Network administration is a vast and variable field. Some networks only allow connections by known systems, or have other restrictions. We are not going to cover those issues here. It's assumed the typical permissive network found in businesses or homes is used.

Your NIC plugs into a cable with four twisted pairs of wires, and from there to a switch, possibly with a wall jack and premises wiring in between. Since premises wiring is just simple copper that extends the wires, we'll ignore it here.

Until your NIC has a physical connection to another device and they've worked out between them how to communicate, you're not "on the network".

Your NIC or your switch or both might only be capable of 100 million bits per second (100Mbps, or fast ethernet). You might be connected directly to another PC's network card, which is "technically" a network, but we won't discuss this odd case. Whether you need a normal cable, called a "patch" or "straight-through" cable, or a special cable that reverses the send and receive signals, called a "crossover" cable, depends on a number of factors. Most NICs and switches these days have a feature called "Auto MDI-X" that straightens out these issues. Switches and network cards can also discover between them which speed each supports and automatically use this speed. The only trap here is that the cable standards for modern networking are very strict. If both the sender and receiver are capable of faster communication than the wire between them, they will suffer a horrible connection. If this happens to you, throw out the old cable and get a new one. They're cheap.

Almost all computers these days come with at least one gigabit ethernet port, but they're not all the same. A high end ethernet controller is a microcomputer in itself and handles almost all aspects of the communication. Built in controllers often use the processor to calculate the checksum and for various other things, and system memory to hold the packets during processing. Built in controllers are getting better these days though and processors are powerful enough to handle this so you don't have to worry about that too much unless your needs are pretty extreme - and then you wouldn't be reading this anyway.

Now look: gigabit isn't currently the top of the networking food chain. It's not even close. Unlike other IT infrastructure, networking usually progresses by 10s. The previous generation was 100 million bits per second. The current standard is 1 billion bits per second, or 1 gigabit. 10 gigabit ethernet is now widely available, and 100 gigabit is in development. There are bizarre unrelated networking protocols like Infiniband. You don't need to worry about that right now. Today gigabit ethernet is where it's at, and it's more than enough for most of the stuff you want to do if you're my target audience.

The link
The link is shorthand for the successfully connected physical medium that data passes over.

The Hub, extender
These devices are historical oddities. If you find one, throw it away and replace it with a switch. If you don't know what these are, don't worry. You don't need to know about this. You don't want to try it.

The switch
Although some people are trying to get this named a "network bridge" its common name is "switch". This is the key piece of equipment we'll be talking about. Switches come in many varieties and capabilities and can cost more than a half million dollars on the high end or less than 50 dollars on the low. Some switches are capable of performing "routing" at OSI model layer 3, but we won't discuss this here - we'll only consider layer 2 switching, which all switches use. The switch receives the packet from your NIC. If the NIC in the destination address is directly connected to the switch, the switch forwards it out directly to that NIC only. If the destination address isn't directly connected then a couple of things can happen. If the switch has a layer 2 routing facility like "Spanning Tree Protocol" and is connected to a similarly equipped switch, then it can know which port on the switch to forward the packet through and send it through that. Otherwise the switch forwards the packet out all of its ports except the one it was received on, or drops it depending on the switch configuration.

Managed switch

An unmanaged switch doesn't do QOS. It doesn't do VLANs. It probably doesn't do spanning tree. It doesn't have storable and recoverable configurations. Since managed switches start at under $200 for an 8 port gigabit switch these days, get a managed switch unless you know why you don't need one.

VLANs
Earlier we discussed the 802.1Q part of the packet header. In addition to QOS this field has 12 bits to designate the "virtual local area network". When both ends of a link are capable of 802.1Q, and are configured to use it, up to 1024 VLANs are possible. In practice not all switches support VLANs at all, and some only support a limited number. In most cases only servers access more than one VLAN on a single link.

So what's a VLAN? Inasmuch as a LAN is a physical network, a "virtual LAN" is some subset of the physical network. By applying a number to the VLAN it's possible to do a number of useful things. You can separate communication between servers and equipment based on role, and change the relationships in the switch software without rerouting the physical wires in the walls. This allows the network administrator to assign the accounting department to its own network, for example, so that the sales department can't inadvertently access PCs in the accounting department. The administrator can also screw up this configuration, by leaving all VLANs and QOS configured on the user's port by default, so that an attentive user can access all VLANs.

A port on a switch can be dedicated to a particular VLAN, and then all traffic received on that port from the end user will belong to that VLAN. If the person at that network port moves to another desk on another floor, it's possible to restrict his access only to the network resources that are appropriate for him. Inside the network the VLANs share physical links, but switches will not pass information from one VLAN to another. In order to get a packet from one VLAN to another, a router is required.

One trick with VLANs is that you can have two sets of switches that support, say, VLAN 11, with unmanaged switches, or switches or ports configured not to pass VLAN 11, between them. In this case these two VLANs, though they share a VLAN number and physical connections, are isolated from each other. Spanning tree protocol can also wind up blocking the transfer of packets on a particular VLAN if configured incorrectly.

In addition, a LAN is a broadcast domain. Layer 2 networking contains a facility for sending one packet to all receivers on all ports on all switches on that network. Having too many users in a broadcast domain increases the likelihood one of them will go crazy and create a "broadcast storm". By segregating subsets of customers in VLANs, it's possible to limit the scope of such a malfunction.
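As an added example (not code from the post), here is a small simulation of the switch behaviour described in "The switch" and in this VLAN section: a frame for a known destination goes out one port, a broadcast or a frame for an unknown destination is flooded out every other port, and flooding never crosses VLAN boundaries. The example assumes the standard way a switch comes to know where a destination is, namely by recording the source address of every frame against the port it arrived on. The topology in `build_demo` is constructed for the example: accounting on VLAN 10, sales on VLAN 20, and VLAN 11 present on both switches but deliberately absent from the link between them, which is the "two isolated VLAN 11s" situation described above.

```python
BROADCAST = 'ff:ff:ff:ff:ff:ff'


class Switch:
    """A learning switch. ports maps port number -> set of VLAN IDs that port carries."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = ports
        self.mac_table = {}          # (vlan, mac) -> port the address was last seen on

    def receive(self, in_port, vlan, src, dst):
        """Return the ports a frame is forwarded out of (never the one it came in on)."""
        if vlan not in self.ports[in_port]:
            return []                # port is not configured for this VLAN: drop it
        self.mac_table[(vlan, src)] = in_port    # learn where src lives (assumed behaviour)
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # Broadcast or unknown destination: flood, but only to ports in the same VLAN.
        return [p for p, vlans in self.ports.items() if p != in_port and vlan in vlans]


class Network:
    """Switches joined by links; a port with no link is an edge port with a host on it."""

    def __init__(self):
        self.switches = {}
        self.links = {}              # (switch, port) -> (switch, port)

    def add_switch(self, sw):
        self.switches[sw.name] = sw

    def link(self, a, pa, b, pb):
        self.links[(a, pa)] = (b, pb)
        self.links[(b, pb)] = (a, pa)

    def send(self, sw, port, vlan, src, dst):
        """Inject a frame at an edge port; return the edge ports it is delivered to."""
        delivered, pending, seen = [], [(sw, port)], set()
        while pending:
            name, in_port = pending.pop()
            if (name, in_port) in seen:      # loop guard; on a real network that is spanning tree's job
                continue
            seen.add((name, in_port))
            for out in self.switches[name].receive(in_port, vlan, src, dst):
                if (name, out) in self.links:
                    pending.append(self.links[(name, out)])
                else:
                    delivered.append((name, out))
        return sorted(delivered)


def build_demo():
    """Constructed topology: accounting on VLAN 10, sales on VLAN 20, orphaned VLAN 11."""
    net = Network()
    net.add_switch(Switch('A', {1: {10}, 2: {10}, 3: {20}, 4: {11}, 5: {10, 20}}))
    net.add_switch(Switch('B', {1: {10}, 2: {11}, 3: {10, 20}}))
    net.link('A', 5, 'B', 3)         # the uplink carries VLANs 10 and 20, not 11
    return net


if __name__ == '__main__':
    net = build_demo()
    acct1, acct3 = 'aa:00:00:00:00:01', 'aa:00:00:00:00:03'   # constructed host addresses
    print('broadcast from accounting:', net.send('A', 1, 10, acct1, BROADCAST))
    print('reply to a learned address:', net.send('B', 1, 10, acct3, acct1))
    print('broadcast on isolated VLAN 11:', net.send('A', 4, 11, 'cc:00:00:00:00:01', BROADCAST))
```

The first call floods to every VLAN 10 port on both switches, the second is delivered to exactly one port because both switches learned where `acct1` is from that broadcast, and the third goes nowhere: port 4 on switch A is the only VLAN 11 port reachable from itself, so the VLAN 11 host on switch B never sees the frame.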

QOS
QOS is about traffic priority. If you're doing VOIP or streaming video on your network and you require a connection that doesn't stutter then you probably need QOS.
One problem we get into here is that the QOS standard for networking, 802.1p, is implemented differently by various networking equipment vendors. They've all got whiz-bang features that justify their proprietary extensions. After all, the standard is only 15 years old. It specifies 8 priority "bins". How those bins are serviced is not specified and is left to the implementation.

Most switching equipment vendors allow users to reserve a minimum percentage of a link for a particular bin. If no traffic is in that bin the bandwidth is available to other traffic, but if a stream in that bin appears on the link it's permitted to consume up to the minimum percentage without hindrance from other traffic on the line. When the communication passes through a link that doesn't support this, the tags are lost, so QOS delivery is limited to the segments of the network that directly support it.

How you would use it at home, for example: you have a switch that supports QOS, a video server with your home movies, and a mythTV box that you watch movies on. Naturally, if your spouse is downstairs remastering the video of the family Christmas event on your file server, you don't want that to degrade your viewing experience of Office Space. So you configure the video server with a QOS of 2 on your video VLAN, VLAN 90. Then you tell the gigabit switch that the port to your mythTV box is VLAN 90 and that the minimum share for that bin is 20%. Magically your mythTV box has a minimum of 20% of its link for video. This oversimplified example skips the part where you need at least two switches before this is useful.
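To make the "minimum percentage per bin" behaviour concrete, here is an added example (not the post's code, and not any vendor's actual scheduler) that plays one scheduling round of a link under the rule described above: a reserved bin takes up to its guaranteed share first, an unused reservation is released to everyone else, and the no-QOS case is modelled as a single shared queue in which each source gets capacity in proportion to what it offers. The link size, the bin numbers and the way leftover capacity is handed out (highest bin first) are assumptions of the example.

```python
LINK_CAPACITY = 100       # units the link carries per scheduling round (assumed)


def schedule_qos(queued, reserved):
    """One round of a minimum-share scheduler.

    queued:   {bin: units waiting}, bins 0..7 as in 802.1p
    reserved: {bin: minimum percent of the link}, the per-bin setting the post describes
    returns   {bin: units sent this round}
    """
    sent = {b: 0 for b in queued}
    remaining = LINK_CAPACITY
    # Pass 1: each reserved bin takes up to its guaranteed share, regardless of other traffic.
    for b, pct in reserved.items():
        if b not in queued:
            continue
        grant = min(queued[b], LINK_CAPACITY * pct // 100, remaining)
        sent[b] += grant
        remaining -= grant
    # Pass 2: whatever is left, including unused reservations, goes to the rest of the
    # traffic. Serving the highest bin first here is an assumption; vendors differ.
    for b in sorted(queued, reverse=True):
        grant = min(queued[b] - sent[b], remaining)
        sent[b] += grant
        remaining -= grant
    return sent


def schedule_no_qos(queued):
    """No QOS: one shared queue, so each source gets capacity in proportion to its offer."""
    total = sum(queued.values())
    if total <= LINK_CAPACITY:
        return dict(queued)
    return {b: units * LINK_CAPACITY // total for b, units in queued.items()}


if __name__ == '__main__':
    # Constructed load: bin 0 is the bulk remastering job with a deep backlog,
    # bin 2 is the video stream that needs 15 units per round to play smoothly.
    load = {0: 300, 2: 15}
    print('with 20% reserved for bin 2:', schedule_qos(load, {2: 20}))
    print('without QOS:', schedule_no_qos(load))
    print('reservation unused:', schedule_qos({0: 300, 2: 0}, {2: 20}))
```

With the reservation the video stream gets all 15 units it asked for and the bulk transfer takes the remaining 85; without it the shared queue hands the stream only 4 units and the picture stutters, and when the stream is idle the bulk transfer gets the whole link.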

Trunking
This is more of a business thing. There are two types of "trunking". The first is where you use one link to pass multiple VLANs. The second is where you use multiple individual links between two switches to increase the bandwidth between them. We're not going to worry about this right now.

Routers and other gateways

When traffic leaves the LAN it must pass through a gateway to an off-network device or network. For the purposes of this topic a router or gateway is just another computer. When we get to connecting VLANs together I'll cover this a little bit, but not a lot.

The main discussion.
Whew! That was a lot of background. I don't know about you, but I'm glad it's over. Let's do some network engineering now in another post.
