The data link layer is concerned with services such as physical addressing, network topology, physical link management, synchronization, error control, and flow control. The data link layer is divided into two sub-layers: the media access control (MAC) layer and the logical link control (LLC) layer just above it. The MAC layer controls how computers on the network gain access to the network in order to transmit data on it. The LLC layer controls services such as packet synchronization, flow control, and error checking.
Network Interface Card (NIC)
The modern Network Interface Card (NIC) is an example of a device that operates at the data link layer. To clearly understand how networks function, you must understand how the NIC works. For a network to function, there must be a mechanism in place to deliver packets to network nodes. This mechanism must give each system a unique identifier, just like a house has a unique address. Inside of every NIC burned into a ROM chip is a 48-bit value called the media access control address, or MAC address. The MAC address is the equivalent of a house’s street address. The address is unique and does not change. No two NICs should ever share the same MAC address. Organizations that manufacture NICs or equipment that has NICs built-in, must register with the IEEE and request a block of their own MAC addresses. They use the block of MAC addresses to assign them to the individual NICs they manufacture. MAC addresses are generally expressed as a 12 digit HEX number rather than a 48-bit number. To figure out what a NIC’s MAC address is, you can do so by opening a command prompt and typing IPCONFIG /all. The data link layer is where most local area network (LAN) is defined. Among the most common technologies and protocols generally associated with this layer are Ethernet, Token Ring, FDDI, ATM, SLIP, and PPP. On modern networks, the most common data link protocol is Ethernet. For two network hosts to be able to communicate directly with each other, they must communicate using the same layer 2 protocol.
Network Switches
Network Switches are very common on modern networks. Network switches are actually multi-port bridges. The purpose of a switch is to receive data from any device connected to it and then re-transmit the data only to that device for which the data was meant. This makes the switch a more intelligent device than a hub. The switch uses the MAC address to determine how to move packets between its ports so that it can deliver them directly to the intended recipient. Network Switches maintain MAC tables in memory. They use these tables to track the MAC addresses they “learn” about as traffic passes through the device. When a switch sees a packet for the first time being received on a port, it tracks the MAC in its MAC table for that port. If it receives a packet that is destined for a MAC address that it has learned, it switches the packet to the correct port. If a switch comes across a MAC address it has not learned about, it switches the packet on all ports and all of the nodes connected to the switch will receive the packet for further inspection. Unlike traditional LANs using hubs, network switches allow nodes to transmit at the same time without causing collisions on the network. Switches have allowed networks to move above the 10 MHz range communicating in Full Duplex.
How is the Data Delivered?
Conceptually, we know that data is converted into zeros and ones to be placed on the network. How does this actually work? Well, the NIC uses electricity to send and receive data. A zero equals no electrical signal, while a one does equal an electrical signal. Data moving on the wire is seen as a pattern of electricity. The next question is, how does this pattern of electricity reach the target system? It starts with the NIC putting the data chunks, also known as frames, on the network media. These frames are read by NICs, whether the NICs belong to a computer, switch, router, or any other network device. The frames begin with the MAC address of the target system. In addition, the frame will contain the MAC address of the source system followed by the actual data being carried in the frame. The end of the frame contains a section called the CRC, or cyclic redundancy check, which is used to ensure that the frame’s integrity is intact. When the network switch receives the frame, it will check its MAC tables (as we previously discussed) to determine which port to switch the frame. The frame continues on its way until it reaches the target system. Once the target system receives the frame, the target NIC brings the frame into the system and up the network stack for processing. The target system will continue to receive frames and eventually when all of the frames are received, the data is presented to the application. If you have been reading along, the next logical question is how does the source system get the MAC address for the target system? Well, if the source system has not yet communicated with the target system, the source system will send out a special broadcast packet called an ARP (address resolution protocol). When a system sends out an ARP packet, it creates a frame with a target MAC of FF-FF-FF-FF-FF. This frame is received by all network nodes on the same subnet. The frame does contain the target IP address, so each node will accept the broadcast frame and check to see if their IP address matches the payload. The network node that finds a match will respond to the source with an ARP reply providing the source system with its MAC address. Once the source system has the target MAC Address, the two systems can directly communicate with each other.