Key Players

    This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there.

    The Internet is a fascinating blend of many different elements that all work together to create a world wide network of networks which allow billions of different devices to communicate. In this article, we will look at some of the key players of the Internet and the role each fulfills in order to achieve network communication.

    This list is far from exhaustive, but will cover the main “cast and crew” you will need to be familiar with in order to understand how a packet travels through the Internet.

    Host

    The term host is a generic term that implies any sort of end-device on the Internet. Any device which might be the original initiation of traffic or the final destination of traffic can be considered a host.

    The traditional example would be your computer or laptop. But in these modern times, there are so many more: mobile phones, smart TVs, smart watches, certain cars, and even some refrigerators!

    Hosts run software and applications for the end user to interact with, and they also at some point need to put bits on a wire. As such, it is said that Hosts operate across all seven layers of the OSI model.

    In typical internet communication or network traffic, the two hosts in communication are often labeled as the Client or the Server.

    The Client is the entity initiating the request and is looking to acquire a piece of information, data, or a service, while the Server is the entity receiving the request and has the information, data, or service that the Client wants.

    It should be noted that these terms are relative to specific types of communication.

    For example, when your laptop is browsing through a web page, your laptop is acting as the Client and the Web Server is acting as the Server. But when that same Web Server is then downloading software updates, it is now acting as a Client and communicating with an Update Server.

    Network

    A Network is simply two or more connected devices — typically grouped together by similar purposes or physical location. A network can take many different forms, for example:

    • A group of PCs in a classroom are all in the same physical space and would all belong to one network.
    • Any typical home network will include multiple laptops, mobile phones, or printers that are all tied to the same physical address and therefore all belong to the same network.
    • A coffee shop which has WiFi will allow each of their customers to connect to the same WiFi Network.
    • A large company might use multiple networks, often separating them by job role. For instance, one network for all its accountants and another network for all its engineers.

    Depending on the purpose of each network, the devices within them will then communicate with other devices in the same network or other devices in different networks.

    Any time any of the Key Players discussed in the rest of this article series are connected to each other, you have a network. In fact, the whole Internet is nothing more than a series of inter-connected networks.

    Switch

    A Switch is a network device whose primary purpose is to facilitate communication within networks.

    Switches operate at Layer 2 of the OSI model, which means they only look into each datagram up to the Layer 2 header. The Layer 2 header contains information that enables hop to hop delivery, such as the Source and Destination MAC address.

    A Switch operates by maintaining what is known as a MAC Address Table. This is a table that maps each switch port to the MAC addresses of the devices plugged into it. A typical switch has many ports, from 24 to 48, up to 96, or more.

    The MAC Address Table is populated by looking at the Source MAC address field of any received frames.

    In order to forward the frame, the Switch will look up the Destination MAC address in its MAC Address Table to determine what port to use.

    If a Switch encounters a frame for which it does not know the location of the Destination MAC address, it simply duplicates and floods the frame out each switch port (except the port it was received on). This process will be examined more closely in another article in this series.
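
    The learn, forward and flood behaviour described above, as an added example that is not part of the original article. The port numbers and MAC addresses are constructed sample values, and the case where the destination sits behind the arrival port is included for completeness.

```python
# Added illustration: a Layer 2 switch that learns, forwards and floods.
# Port numbers and MAC addresses below are constructed sample values.

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC Address Table: MAC address -> switch port

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame; return the ports it is sent out of."""
        # Learn: the Source MAC is reachable through the arrival port.
        self.mac_table[src_mac] = in_port

        # Forward: look up the Destination MAC.
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:
            # Unknown destination: flood out every port except the
            # one the frame was received on.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits behind the arrival port; nothing to send.
            return []
        return [out_port]


HOST_A = "aa:aa:aa:aa:aa:aa"  # constructed
HOST_B = "bb:bb:bb:bb:bb:bb"  # constructed


def demo():
    sw = Switch(ports=[1, 2, 3, 4])
    steps = [
        sw.receive(1, HOST_A, HOST_B),  # B unknown -> flood
        sw.receive(2, HOST_B, HOST_A),  # A was learned on port 1
        sw.receive(1, HOST_A, HOST_B),  # B is now known on port 2
    ]
    return steps, sw.mac_table


if __name__ == "__main__":
    steps, table = demo()
    for out_ports in steps:
        print("sent out of ports:", out_ports)
    print("MAC Address Table:", table)
```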

    Router

    A Router is a network device whose primary purpose is to facilitate communication between networks. Each interface on a router creates a network boundary.

    Routers operate at Layer 3 of the OSI Model, which means they only look into each datagram up to the Layer 3 header. The Layer 3 header contains information that enables end to end delivery, such as the Source and Destination IP Address.

    [Image: Key Players - Routers]

    In the image above, notice that the router on the left (R1) and the router on the right (R2) create three separate networks (11.11.11.x, 22.22.22.x, and 33.33.33.x). R1’s right interface and R2’s left interface are both on the same network.

    The only way for the Client in the 11.11.11.x network to speak to the Server in the 33.33.33.x network is to forward the packet to R1, who will in turn forward the packet to R2, who will then finally forward the packet to the Server.

    A Router accomplishes all this by maintaining what is known as a Routing Table. This is a table that contains paths to all the networks a Router knows how to reach. These paths are sometimes known as Routes, and each entry contains an IP Network and either an interface or the IP address of the next router in the path to the target.

    There are multiple ways a Router can learn of a network and populate its Routing Table. We will look at some of those ways in a later article in this series.

    Keep in mind, from the perspective of each router, the Routing Table is a map of every network that exists. If a router receives a packet destined to a network it does not know about, then as far as that router is concerned, that network must not exist. Therefore, when a router receives a packet destined to a network which is not in its Routing Table, that packet is discarded.
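
    The Routing Table lookup for the R1/R2 topology described above, as an added example that is not part of the original article. The /24 masks, the interface names and the router addresses on the 22.22.22.x link are assumptions; the lookup also goes one step beyond the text by picking the most specific network when several entries match.

```python
import ipaddress

# Added illustration. The /24 masks, interface names and the router
# addresses on the 22.22.22.x link are assumptions, not from the article.

class Router:
    def __init__(self, name):
        self.name = name
        self.routes = []  # Routing Table: (network, interface, next_hop)

    def add_route(self, network, interface, next_hop=None):
        # next_hop=None means the network is directly attached.
        self.routes.append((ipaddress.ip_network(network), interface, next_hop))

    def lookup(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return None  # no route: the packet is discarded
        # If several entries match, the most specific network wins.
        return max(matches, key=lambda r: r[0].prefixlen)


def build_topology():
    r1, r2 = Router("R1"), Router("R2")
    r1.add_route("11.11.11.0/24", "left")
    r1.add_route("22.22.22.0/24", "right")
    r1.add_route("33.33.33.0/24", "right", next_hop="22.22.22.2")
    r2.add_route("22.22.22.0/24", "left")
    r2.add_route("33.33.33.0/24", "right")
    r2.add_route("11.11.11.0/24", "left", next_hop="22.22.22.1")
    # Which router owns each next-hop address on the shared link.
    owner_of = {"22.22.22.1": r1, "22.22.22.2": r2}
    return r1, r2, owner_of


def trace(start, dst_ip, owner_of, max_hops=16):
    """Follow a packet from router to router; return (router, action) pairs."""
    hops, router = [], start
    while router is not None and len(hops) < max_hops:
        route = router.lookup(dst_ip)
        if route is None:
            hops.append((router.name, "discard"))
            break
        _, interface, next_hop = route
        if next_hop is None:
            hops.append((router.name, f"deliver on {interface}"))
            break
        hops.append((router.name, f"forward to {next_hop} via {interface}"))
        router = owner_of.get(next_hop)
    return hops


if __name__ == "__main__":
    r1, r2, owner_of = build_topology()
    print(trace(r1, "33.33.33.20", owner_of))  # Client's packet to the Server
    print(trace(r1, "44.44.44.44", owner_of))  # network R1 has never heard of
```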

    Address Resolution Protocol (ARP)

    Earlier we discussed that MAC addresses are a Layer 2 addressing scheme. We also discussed that IP addresses are a Layer 3 addressing scheme.

    What bridges these two addressing schemes is the Address Resolution Protocol (ARP).

    Typically, when two hosts are communicating, they already know each other’s IP address. They can know each other’s IP address from a variety of methods: sometimes it is manually provided by a user, sometimes by another protocol (often DNS). But the actual method employed is irrelevant (at least to this article series).

    However, what is definitely not known is their MAC addresses. The hosts will use ARP to discover the appropriate MAC address. To put it another way, ARP will use the known IP address, and discover the unknown MAC address. The discovered mapping is then added and stored in an ARP Table, which is a mapping of IP addresses to correlating MAC addresses.

    We’ll describe how L2 and L3 are bridged together, and ARP’s role in the process using the following illustration:

    [Image: Key Players - ARP targets]

    In the image above, there are three networks: the purple network, the gray network, and the red network. We’ll use this diagram to illustrate two instances of ARP: first, when a host is speaking to another host in the same network (Client to Purple Server), and second, when a host is speaking to another host in a different network (Client to Red Server).

    When the Client needs to speak to the Purple Server, it will know the Purple Server’s IP address, and from that it will determine that the Purple Server exists in the local network. When a Client is attempting to speak to a host in the same network, the Client will issue an ARP request for the host’s MAC address.

    ARP will allow the Client to complete the Layer 2 header as follows:

    [Image: Key Players - Packet destined to local destination]

    When the Client needs to speak to the Red Server, it will know the Red Server’s IP address, and from that it will know that the Red Server exists in a foreign network. As such, the packet must be delivered to the nearest router — otherwise known as the Default Gateway.

    The Client is generally already configured with a Default Gateway — which we can tell from the image will be R1. When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway’s MAC address.

    This will allow the Client to populate the Layer 3 and Layer 2 headers as follows:

    [Image: Key Players - Packet destined to foreign destination]

    To summarize ARP’s operation:

    • When a Client is speaking to a host in the same network, it will ARP for the MAC address of the host
    • When a Client is speaking to a host in a different network, it will ARP for the MAC address of the Default Gateway

    Remember, packet delivery is always the job of Layer 2, and Layer 2’s primary goal is getting a packet from hop to hop. Conversely, Layer 3, which is concerned with end to end delivery is unable to put a packet on a wire and send it to another host’s NIC. ARP’s role is to help the client create the proper L2 header, based on the L3 header, in order to get the packet from one hop to the next.

    It should also be noted that any device that intends to forward a packet based upon the IP address (L3), must also have the ability to deliver the packet to the next hop (L2). As such, any device that uses IP addresses must also use ARP to deliver the packet using MAC addresses. Consequently, all Layer 3 devices must maintain an ARP Table.
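
    How a Client picks its ARP target and fills in the Layer 2 and Layer 3 headers, as an added example that is not part of the original article. Every address, mask and MAC address is a constructed sample, and the `segment` dictionary is a hypothetical stand-in for the devices on the local wire that would answer an ARP request.

```python
import ipaddress

# Added illustration. Every address and MAC below is a constructed sample;
# the "segment" dict stands in for the devices on the Client's local wire
# that would answer an ARP request.

class Host:
    def __init__(self, ip_with_mask, mac, default_gateway, segment):
        self.iface = ipaddress.ip_interface(ip_with_mask)
        self.mac = mac
        self.default_gateway = ipaddress.ip_address(default_gateway)
        self.segment = segment
        self.arp_table = {}      # ARP Table: IP address -> MAC address
        self.arp_requests = []   # every ARP request actually sent

    def arp(self, ip):
        """Resolve a known IP address to its MAC address."""
        if ip not in self.arp_table:
            self.arp_requests.append(str(ip))
            mac = self.segment.get(str(ip))
            if mac is None:
                raise LookupError(f"no ARP reply for {ip}")
            self.arp_table[ip] = mac
        return self.arp_table[ip]

    def build_headers(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        # Local or foreign? Decided from the host's own IP address and mask.
        local = dst in self.iface.network
        # Same network: ARP for the host. Different network: ARP for the
        # Default Gateway. The Layer 3 destination is the final host either way.
        arp_target = dst if local else self.default_gateway
        return {
            "l3_src": str(self.iface.ip), "l3_dst": str(dst),
            "l2_src": self.mac, "l2_dst": self.arp(arp_target),
            "arp_target": str(arp_target),
        }


LOCAL_SERVER_MAC = "00:00:5e:00:53:20"  # constructed
GATEWAY_MAC = "00:00:5e:00:53:01"       # constructed


def make_client():
    # Only devices on the Client's own network can answer its ARP requests.
    segment = {"11.11.11.20": LOCAL_SERVER_MAC, "11.11.11.1": GATEWAY_MAC}
    return Host("11.11.11.10/24", "00:00:5e:00:53:10", "11.11.11.1", segment)


if __name__ == "__main__":
    client = make_client()
    print(client.build_headers("11.11.11.20"))  # same network
    print(client.build_headers("33.33.33.20"))  # foreign network
    print("ARP requests sent:", client.arp_requests)
```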

    For another explanation of ARP and an illustration of the address resolution process in video form, click here.

    Summary

    This article and the previous one covered a lot of ground on a variety of subjects that individually have entire books written about them. This was intentionally done so that the next few articles in the series can bring everything together (and go a bit deeper than this article went). But it is crucial that all the tenets of these two articles be understood before moving forward.

    In this article, we discussed the primary purposes of the different layers of the OSI model. Specifically:

    • OSI Layer 1 is the physical medium carrying the 1’s and 0’s across the wire
    • OSI Layer 2 is responsible for hop to hop delivery and uses MAC addresses
    • OSI Layer 3 is responsible for end to end delivery and uses IP Addresses
    • OSI Layer 4 is responsible for service to service delivery and uses Port Numbers

    We also discussed some of the Key Players involved in moving a packet through the Internet:

    • Switches facilitate communications within networks and operate at Layer 2
    • Routers facilitate communication between networks and operate at Layer 3
    • ARP uses a known IP address to resolve an unknown MAC address

    We also discussed three different tables that are used to store different mappings:

    • Switches use a MAC Address Table which is a mapping of Switchports to connected MAC addresses
    • Routers use a Routing Table which is a mapping of known Networks to interfaces or next-hop addresses
    • All L3 devices use an ARP Table which is a mapping of IP Addresses to MAC addresses

    If any of the bullet points above don’t make complete sense, please consider re-reading this article or the one previous before continuing to the next article in this series.

    38 Comments

    I am trying to understand layer 4.

    “OSI Layer 4 is responsible for service to service delivery and uses Port Numbers”.

    Scenario.
    Host A is using Telnet to access Host B on a local network.

    As I am going down the OSI model, the L4 Header has a Source Port and a Destination Port.

    The Source Port is provided by the Host A.

    Q1. Is Destination Port provided by Host A as well? If so, I am at a loss because I do not know the logic of the Destination Port being populated before the frame at L2 is sent.

    Thank you Ed. It was on my mind for the longest time. Thank you again.

    Host, while sending a packet to the external network, the destination l2 Mac is default gateway. My question is, do we get l2 Mac because of proxy arp enabled or without proxy arp? If without proxy arp then why proxy arp? Without proxy arp enabled will we get the client’s Mac address if source will do an arp query?

    “Routers operate at Layer 3 of the OSI Model, which means they only look into each datagram up to the Layer 3 header.”

    What does that mean? When and how does the router look into the ethernet header? Or is it meant the other way around, that it also looks at the TCP header? Which protocols does a router have to understand then?

    “Remember, packet delivery is always the job of Layer 2, and Layer 2’s primary goal is getting a packet from hop to hop. Conversely, Layer 3, which is concerned with end to end delivery is unable to put a packet on a wire and send it to another host’s NIC. ”

    Strictly speaking, layer 2 only delivers frames, and layer 3 delivers packets.

    Consider Host A and Host B are connected in the same network through a switch. Host C is in a different network. Both the networks are connected through a Router. Case 1: A wants to send something to B. So it knows the IP address, but not the MAC address. So how does it talk to B to get its MAC address? It asks the Switch or Router directly? What will happen?
    Case 2: A wants to talk to C. So who will confirm that it belongs to a different network? how to get its MAC address?

    Here is what I think it happens (please correct me if I am wrong) => The first thing a host must look for when sending data is the ‘final destination’ of these data, i.e., the IP address. We can say there are two options: first, final destination is IN the same network i.e., the dst host is ‘reachable’. Second, final destination is NOT in the same network, i.e., dst host is ‘unreachable’ but it knows the default gateway will take care of the routing to the final destination.
    In case 1, Host B is in the same network, this means, it is expected that Host B MAC address is anywhere in the LAN Host A and B belong to. How can Host A know Host B MAC address? ARP request. It will send an ARP request in a broadcast mode, and hopefully Host B will reply with its MAC address. Problem solved: now Host A knows what to put in L2 header as destination (MAC) address.

    In case 2 the process is exactly the same, except now it knows that, as Host C IP address is ‘unreachable’, it has to send the data to the default gateway. So it will proceed as before: ARP. What MAC address is Host A interested in? Default Gateway’s. So ARP to Default Gateways. This means that in this case Host A doesn’t care about Host C MAC address. L2 is about next hop, and next hop is now the default gateway (or router). This gateway will know what is the next hop as will deliver the data according the routing table. In other words, L2 is about the near neighbourhood. And for something abroad, ask the default gateway 🙂

    HTH

    In the ARP example when .10 from network 11.11.11.0/24 sends a packet to .20 in network 33.33.33.0/24 through the 22.22.22.0/24 network between R1 and R2, how does R1 know to forward the packet to R2.

    A guess would be that:
    1. R1 broadcasts a discovery packet asking everyone who knows of 33.33.33.20?
    2. R2 responds that hey, my “hidden” network is responsible for that subnet and gives back MAC address
    3. R1 sends frame (L2) to R2 that then forwards internally similarly as .10 sent the packet to R1.

    Thank you for this amazing blog. Please keep writing.
    I really appreciate the way you explained the fundamentals of networking.

    *When a Client is speaking to a host in the same network, it will ARP for the IP address of the host*
    *When a Client is speaking to a host in a different network, it will ARP for the IP address of the Default Gateway*

    As this article said, “ARP will use the known IP address, and discover the unknown MAC address.”.
    Therefore, ARP is for the mac address, not ip address.

    Do the interfaces on the left and right of R1 share the same IP address?

    Hi,

    A Little mistake:

    It should not read “When a Client is attempting to speak to a host in the same network, the Client will issue an ARP request for the host’s IP address.”, but “When a Client is attempting to speak to a host in the same network, the Client will issue an ARP request for the host’s MAC address.”

    The same applies to what’s said after “To summarize ARP’s operation”.

    Regards
    Stefano

    Dear Ed,

    In case of different subnet, host will ARP for Default gateway’s unknown MAC address. What issues if host connects to L2 switch and L2 switch connects to two L3 switches. I mean that host issues ARP for default gateway to both L3 switches. What happen then?

    Thank you very much.

    “When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway’s IP address.”

    Because of the word “for” in the above, I thought you were saying that the client was using ARP to find out the Default Gateway’s IP address. This did not make sense to me, but I can now see, if you look at the meaning in the right way, that the ARP request is being made TO the Default Gateway’s IP address. For me, the use of “to” instead of “for” removes this potential confusion. Thanks for this series. I’m getting a lot from it.

    Typically, when two hosts are communicating, they already know each other’s IP address. They can know each other’s IP address from a variety of methods: sometimes it is manually provided by a user, sometimes by another protocol (often DNS). But the actual method employed is irrelevant (at least to this article series).

    In the paragraph above, is it not supposed to be DHCP instead of DNS which provides IP address?

    Hello Ed,

    Great set of articles. Hands down, you are the best when it comes to explaining the networking concepts.
    I do have the following question though. It’s stated everywhere that the L2 layer ie a switch is responsible for the hop to hop delivery of a packet. However, when a packet reaches a router, there is no switch in the picture and then it’s only routers that route the packet to the destination. Hence, my question is, why do we state that the L2 layer(i.e a switch) is responsible for hop to hop delivery? Isn’t it the router which eventually routes it to the correct path and hence is also responsible for hop to hop delivery as well. Kindly elaborate.

    Hi kiran

    Layer 2 is responsible for hop to hop delivery and uses MAC addresses not switch.

    Hi Ed,
    Could you please explain about broadcasting like how a packet is broadcasted(in terms of directed) from one network to different network??
    A client in 10.10.10.x wants to broadcast (directed) a packet to all the hosts in 33.33.33.x. could you please explain the process??

    “When a Client is speaking to a host in the same network, it will ARP for the MAC address of the host.”

    How does the client know if the destination host is in the same network?
    Does it always apply a subnet mask of 255.255.255.0 to figure this out?

    This is a really very simple and great explanation.

    From what I understand a Hub, Switch and Router are not considered Host. Correct?

    For below point

    When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway’s MAC address.

    I guess first ARP request will be generated with destination IP of gateway and once we have the MAC of gateway then it will construct further packets with actual IP as destination