Layer 2 of the OSI model, also known as the Data Link Layer, is crucial for ensuring that data packets are correctly framed and prepared for transmission, making it the backbone of network communication.

This article explores the complexities of Layer 2, including its functions, Ethernet frame composition, and the critical role of MAC addresses in seamless data delivery.

When upper-layer protocols communicate, data flows down the Open Systems Interconnection (OSI) layers and is encapsulated into a Layer 2 (Data Link Layer) frame.  Encapsulation involves prepending protocol information from another protocol.

The OSI Data Link Layer is responsible for preparing an IP packet for transmission over the Physical Layer (Layer 1).

Frame composition depends on the media access type. In a local area network (LAN) environment, if the upper layer protocols are TCP and IP and the media access is Ethernet, then Layer 2 frame encapsulation will be Ethernet II.

Ethernet, a family of wired computer networking technologies, specifies 802.2 and 802.3 protocols that operate at Layer 1 and Layer 2 of the OSI model.

IEEE 802.3 data encapsulation includes:

  • Ethernet frame: The internal structure of the Ethernet frame.
  • Ethernet Addressing: Source and destination media access control addresses (MAC addresses) to deliver the Ethernet frame from one Ethernet network interface controller (NIC) to another on the same LAN.
  • Ethernet Error Detection: A frame check sequence (FCS) trailer used for error detection.

In an Ethernet network, each network interface controller (NIC) checks every arriving frame to see if the destination MAC address matches its own MAC address. If there is no match, the device discards the frame. If there is a match, the NIC passes the frame up to the next OSI layer.

Ethernet Frame Structure and Functions

An Ethernet frame specifies the location of the destination and source media access control (MAC) addresses, and additional information such as preamble for sequencing and timing, start of frame delimiter, length and type of frame, and frame check sequence to detect transmission errors.

The size of Ethernet frames is typically between 64 and 1518 bytes, excluding the preamble field.

Each Ethernet frame can carry 46 to 1500 bytes of user data, with the data field containing the Layer 3 protocol data unit (PDU) or an IP packet.

Frames smaller than the minimum size or larger than the maximum are considered invalid and discarded by the receiving device.

Jumbo frames, which are frames larger than 1500 bytes, are usually supported by most Fast Ethernet and Gigabit Ethernet switches and NICs. Collision fragments or runt frames, which are frames less than 64 bytes in length, are automatically discarded by receiving stations.

Sublayers of the OSI data link layer

IEEE 802 LAN/MAN protocols utilize two separate sublayers of the OSI Data Link Layer to operate:

  • Logical Link Control (LLC): The LLC sublayer places information in the frame that identifies which network layer protocol is being used. This allows multiple Layer 3 protocols, such as IPv4 and IPv6, to use the same network interface and media. It is responsible for controlling the network interface card through software drivers.
  • Media Access Control (MAC): The MAC sublayer (such as IEEE 802.3, 802.11, or 802.15) is implemented in hardware and is responsible for data encapsulation and media access control. It provides data link layer addressing and integrates with various physical layer technologies.

MAC Addresses: Structure and Importance

MAC address - media access control address - a unique address that is burned into a network interface controller (NIC). It directs data from a particular device to a specific network destination and is a 48-bit binary value.

MAC addresses are typically displayed as 6 sets of two hexadecimal numbers (0 to 9 and A to F) separated by dashes or colons.

MAC address example: 15-0F-A3-45-9C-57

Hexadecimal is used because a single hexadecimal digit represents four binary bits, allowing the MAC address to be expressed using 12 hexadecimal values.

Leading zeroes are always displayed to complete the 8-bit representation.

binary: 0000 1010 -> hexadecimal: 0A

Hexadecimal numbers are often represented by the value preceded by 0x (e.g., 0x73) to distinguish between decimal and hexadecimal values in documentation.

Hexadecimal may also be represented by a subscript 16, or the hex number followed by an H (e.g., 73H).

To convert between decimal and hexadecimal values, convert the decimal or hexadecimal value to binary, and then convert the binary value to either decimal or hexadecimal as appropriate.

Two parts of MAC addresses:

  1. Organizationally Unique Identifier (OUI) - a 24-bit (6 hexadecimal digits) vendor code assigned by IEEE. Any vendor selling Ethernet devices must register with the IEEE (Institute of Electrical and Electronics Engineers) to ensure the vendor is assigned a unique 24-bit code, which becomes the first 24 bits of the MAC address.
  2. Device Identifier - a unique 24-bit (6 hexadecimal digits) value within a common OUI. The last 24 bits of the MAC address are generated per hardware device. This helps to ensure globally unique addresses for each Ethernet device.

www.Wireshark.org provides an easy-to-use OUI lookup tool .

Types of MAC Addresses: Unicast, Broadcast, and Multicast

In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.

Unicast MAC address

A unicast MAC address is the unique address used when a frame is sent from a single transmitting device to a single destination device.

The IP address and the MAC address combine to deliver data to one specific destination host. The process that a source host uses to determine the destination MAC address associated with an IP address is known as Address Resolution Protocol (ARP) for an IPv4 address, and Neighbor Discovery (ND) for an IPv6 address.

Broadcast MAC address

A broadcast MAC address is the address that is used when a frame is sent from a single transmitting device to all the devices on a network.

The features of an Ethernet broadcast:

  • a destination MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary);
  • flooded out all Ethernet switch ports except the incoming port;
  • not forwarded by a router;
  • if the encapsulated data is an IPv4 broadcast packet, the packet contains a destination IPv4 address of all ones (1s) in the host portion.

Multicast MAC address

A multicast MAC address is the address that is used when a frame is sent from a single transmitting device to a selected set of hosts on a network.

The features of an Ethernet multicast:

  • For an IPv4 multicast packet - a destination MAC address is 01-00-5E. For an IPv6 multicast packet, a destination MAC address - 33-33.
  • When the encapsulated data is not IP, there are other reserved multicast destination MAC addresses.
  • It is flooded out all Ethernet switch ports except the incoming port unless the switch is configured for multicast snooping.
  • It is not forwarded by a router unless the router is configured to route multicast packets.

Ethernet frame composition table - field descriptions and lengths.

 

   Field  Description
 1  Preamble and Start Frame Delimiter Fields Preamble - 7 bytes (seven octets of alternating 1010 sequences)
Start Frame Delimiter (SFD) - 1 byte (one octet that signals the beginning of the frame, 10101011)
Fields are used for synchronization between the sending and receiving devices. The first few bytes tell the receivers to get ready to receive a new frame.
 2  Destination MAC Address Field The field is the identifier for the intended recipient - 6 bytes.
This address is used by Layer 2 to assist devices in determining if a frame is addressed to them.
The address in the frame is compared to the MAC address in the device. If there is a match, the device accepts the frame. Can be a unicast, multicast or broadcast address.
 3  Source MAC Address Field The field identifies the originating NIC - 6 bytes. 
 4  Type / Length / EtherType 2-byte field identifies the upper layer protocol encapsulated in the Ethernet frame.
Common values are, in hexadecimal:
IPv4 – 0x800;
IPv6 – 0x86DD;
ARP – 0x806.
 5  Data Field 46 - 1500 bytes field contains the encapsulated data from a higher layer.
If a small packet is encapsulated, additional bits - “pad” are used to increase the size of the frame to the 64 minimum size.
 6  Frame Check Sequence Field (FCS) 4 bytes field is used to detect errors in a frame.
It uses a cyclic redundancy check (CRC).
Any errors are detected by comparing the CRC (cyclic redundancy check) value within the frame against a computed CRC value of the frame.
If the calculations do not match, the frame is dropped.