This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there. Use the navigation boxes to view the rest of the articles.
The Internet is a fascinating blend of many different elements that all work together to create a world wide network of networks which allow billions of different devices to communicate. In this article, we will look at some of the key players of the Internet and the role each fulfills in order to achieve network communication.
This list is far from exhaustive, but will cover the main “cast and crew” you will need to be familiar with in order to understand how a packet travels through the Internet.
Host
The term host is a generic term that implies any sort of end-device on the Internet. Any device which might be the original initiation of traffic or the final destination of traffic can be considered a host.
The traditional example would be your computer or laptop. But in these modern times, there are so many more: mobile phones, smart TVs, smart watches, certain cars, and even some refrigerators!
Hosts run software and applications for the end user to interact with, and they also at some point need to put bits on a wire. As such, it is said that Hosts operate across all seven layers of the OSI model.
In typical internet communication or network traffic, the two hosts in communication are often labeled as the Client or the Server.
The Client is the entity initiating the request and is looking to acquire a piece of information or data or a service. While the Server is the entity receiving the request and has the information, data, or service that the Client wants.
It should be noted that these terms are relative to specific types of communication.
For example, when your laptop is browsing through a web page, your laptop is acting as the Client and the Web Server is acting as the Server. But when that same Web Server is then downloading software updates, it is now acting as a Client and communicating with an Update Server.
Network
A Network is simply two or more connected devices — typically grouped together by similar purposes or physical location. A network can take many different forms, for example:
- A group of PCs in a classroom are all in the same physical space and would all belong to one network.
- Any typical home network will include multiple laptops, mobile phones, or printers that are all tied to the same physical address. Therefore, all belonging to the same network.
- A coffee shop which has WiFi will allow each of their customers to connect to the same WiFi Network.
- A large company might use multiple networks, often separating them by job role. For instance, one network for all its accountants and another network for all its engineers.
Depending on the purpose of each network, the devices within them will then communicate with other devices in the same network or other devices in different networks.
Any time any of the Key Players discussed in this rest of this article series are connected to each other, you have a network. In fact, the whole Internet is nothing more than a series of Inter-connected networks.
Switch
A Switch is a network device whose primary purpose is to facilitate communication within networks.
Switches operate at Layer 2 of the OSI model, which means they only look into each data-gram up to the Layer 2 header. The Layer 2 header contains information that enables hop to hop delivery, such as the Source and Destination MAC address.
A Switch operates by maintaining what is known as a MAC Address table. This is a table that maps MAC addresses of devices plugged into each switch port. A typical switch has many ports, from 24 to 48, up to 96, or more.
The MAC Address Table is populated by looking at the Source MAC address field of any received frames.
In order to forward the frame, the Switch will lookup the Destination MAC address in their MAC Address Table to determine what port to use.
If a Switch encounters a frame for which it does not know the location of the Destination MAC address, it simply duplicates and floods the frame out each switch port (except the port it was received on). This process will be examined more closely in another article in this series.
Router
A Router is a network device whose primary purpose is to facilitate communication between networks. Each interface on a router creates a network boundary.
Routers operate at Layer 3 of the OSI Model, which means they only look into each datagram up to the Layer 3 header. The Layer 3 header contains information that enables end to end delivery, such as the Source and Destination IP Address.
In the image above, notice that the router on the left (R1) and the router on the right (R2) create three separate networks (11.11.11.x, 22.22.22.x, and 33.33.33.x). R1’s right interface and R2’s left interface are both on the same network.
The only way for the Client in the 11.11.11.x network to speak to the Server in the 33.33.33.x network is to forward the packet to R1, who will in turn forward the packet to R2, who will then finally forward the packet to the Server.
A Router accomplishes all this by maintaining what is known as a Routing Table. This is a table that contains paths to all the networks a Router knows how to reach. These paths are sometimes known as Routes, and each entry contains an IP Network and either an interface or the IP address of the next router in the path to the target.
There are multiple ways a Router can learn of a network and populate its Routing Table. We will look at some of those ways in a later article in this series.
Keep in mind, from the perspective of each router, the Route Table is a map of every network that exists. If a router receives a packet destined to a network it does not know about, then as far as that router is concerned, that network must not exist. Therefore, when a router receives a packet destined to a network which is not in its Routing Table, that packet is discarded.
Address Resolution Protocol (ARP)
Earlier we discussed that MAC addresses are a Layer 2 addressing scheme. We also discussed that IP addresses are a Layer 3 addressing scheme.
What bridges these two addressing schemes is the Address Resolution Protocol (ARP).
Typically, when two hosts are communicating, they already know each other’s IP address. They can know each other’s IP address from a variety of methods: sometimes it is manually provided by a user, sometimes by another protocol (often DNS). But the actual method employed is irrelevant (at least to this article series).
However, what is definitely not known is their MAC addresses. The hosts will use ARP to discover the appropriate MAC address. To put it another way, ARP will use the known IP address, and discover the unknown MAC address. The discovered mapping is then added and stored in an ARP Table, which is a mapping of IP addresses to correlating MAC addresses.
We’ll describe how L2 and L3 are bridged together, and ARP’s role in the process using the following illustration:
In the image above, there are three networks: the purple network, the gray network, and the red network. We’ll use this diagram to illustrate two instances of ARP: First when a host is speaking to another host in the same network (Client to Purple server). And Second when a host is speaking to another host in a different network (Client to Red server).
When the Client needs to speak to the Purple Server, it will know the Purple Server’s IP address, and from that it will determine that the Purple Server exists in the local network. When a Client is attempting to speak to a host in the same network, the Client will issue an ARP request for the host’s MAC address.
ARP will allow the Client to complete the Layer 2 header as follows:
When the Client needs to speak to the Red Server, it will know the Red Server’s IP address, and from that it will know that the Red Server exists in a foreign network. As such, the packet must be delivered to the nearest router — otherwise known as the Default Gateway.
The Client is generally already configured with a Default Gateway — which we can tell from the image will be the R1. When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway’s MAC address.
This will allow the Client to populate the Layer 3 and Layer 2 headers as follows:
- When a Client is speaking to a host in the same network, it will ARP for the MAC address of the host
- When a Client is speaking to a host in a different network, it will ARP for the MAC address of the Default Gateway
Remember, packet delivery is always the job of Layer 2, and Layer 2’s primary goal is getting a packet from hop to hop. Conversely, Layer 3, which is concerned with end to end delivery is unable to put a packet on a wire and send it to another host’s NIC. ARP’s role is to help the client create the proper L2 header, based on the L3 header, in order to get the packet from one hop to the next.
It should also be noted that any device that intends to forward a packet based upon the IP address (L3), must also have the ability to deliver the packet to the next hop (L2). As such, any device that uses IP addresses must also use ARP to deliver the packet using MAC addresses. Consequently, all Layer 3 devices must maintain an ARP Table.
Summary
This article and the previous covered a lot of ground on a variety of subjects that individually have entire books written about. This was intentionally done so that the next few articles in the series can bring everything together (and go a bit deeper than this article went). But it is crucial that all the tenants of these two articles be understood before moving forward.
In this article, we discussed the primary purposes of the different layers of the OSI model. Specifically:
- OSI Layer 1 is the physical medium carrying the 1’s and 0’s across the wire
- OSI Layer 2 is responsible for hop to hop delivery and uses MAC addresses
- OSI Layer 3 is responsible for end to end delivery and uses IP Addresses
- OSI Layer 4 is responsible for service to service delivery and uses Port Numbers
We also discussed some of the Key Players involved in moving a packet through the Internet:
- Switches facilitate communications within networks and operate at Layer 2
- Routers facilitate communication between networks and operate at Layer 3
- ARP uses a known IP address to resolve an unknown MAC address
We also discussed three different tables that are use to store different mappings:
- Switches use a MAC Address Table which is a mapping of Switchports to connected MAC addresses
- Routers use a Routing Table which is a mapping of known Networks to interfaces or next-hop addresses
- All L3 devices use an ARP Table which is a mapping of IP Addresses to MAC addresses
If any of the bullet points above don’t make complete sense, please consider re-reading this article or the one previous before continuing to the next article in this series.
I am trying to understand layer 4.
“OSI Layer 4 is responsible for service to service delivery and uses Port Numbers”.
Scenario.
Host A is using Telnet to access Host B on a local network.
As I am going down the OSI model, the L4 Header has a Source Port and a Destination Port.
The Source Port is provided by the Host A.
Q1. Is Destination Port provided by Host A as well? If so, I am at a lost because I do not know the logic of the Destination Port being populated before the FRAM at L2 is sent.
> Q1. Is Destination Port provided by Host A as well? If so, I am at a lost because I do not know the logic of the Destination Port being populated before the FRAM at L2 is sent.
The port numbers create a “socket” on the hosts from which to allow traffic in and out of a certain application. For example, if Host B is a web server, it would be listening on the standard web port of TCP/80. Anyone that wanted to make a request to the web service of Host B would send a request to Host B’s IP address on TCP/80 — which becomes the Destination port number.
When Host A initiates the web request, it must pick a port# to use to receive what Host B sends. It picks this source port randomly, from the range 1025-65535. This number becomes the Source Port number.
So to answer your question. Host A picks both ports, it selects the Source port randomly, and it selects the Destination port of TCP/80 because that is the service it is making a request to on Host B.
Thank you Ed. It was on my mind for the longest time. Thank you again.
Host, while sending a packet to the external network, the destination l2 Mac is default gateway. My question is, do we get l2 Mac because of proxy arp enabled or without proxy arp? If without proxy arp then why proxy arp? Without proxy arp enaled will we get the clients Mac address if source will do a arp query ?
Hi Dillip. In the case of a host knowing that the packet must go to the default gateway, the ARP Request and Response is simply a traditional ARP — Proxy ARP does not come into play.
Proxy ARP occurs when a device responds to ARP on behalf of another device. To learn more about ARP and the different versions that exist and when each are used, check out the series on ARP here: pracnet.net/arp.
“Routers operate at Layer 3 of the OSI Model, which means they only look into each datagram up to the Layer 3 header.”
What does that mean? When and how does the router look into the ethernet header? Or is it meant the other way around, that it also looks at the TCP header? Which protocols does a router have to understand then?
Hi Jen,
It was said accurately, Router’s operate at L3, and therefore only interact with the L3 and L2 header. This is all a part of the encapsulation and decapsulation process.
The Router uses the L3 header to determine where to send the packet next. The Router uses the L2 header to ensure the packet was intended to reach the Router. There are cases where a Router receives a packet which was not intended for the router, such as when a switch floods traffic, or a broadcast message is sent.
“Remember, packet delivery is always the job of Layer 2, and Layer 2’s primary goal is getting a packet from hop to hop. Conversely, Layer 3, which is concerned with end to end delivery is unable to put a packet on a wire and send it to another host’s NIC. ”
Strictly speaking, layer 2 only delivery frames, and layer 3 delivery packets.
In the end it is just semantics. However, a packet is defined as a construct of an IP address and a Payload (i.e., a packet is [IP][PAYLOAD]. And the component that delivers such a construct is a L2 header. Hence, L2 is delivering the packet.
L3 is responsible for getting the Payload from end to end. The payload L3 is responsible for delivering is the construct of a L4 Header and Data (i.e., a segment, which is [L4][DATA]).
Consider Host A and Host B are connected in the same network through a switch.Host C is in different network. Both the networks are connect through a Router. Case 1: A wants to send something to B. So it know the ip address, but not the MAC address. So how does it talk to B to get its MAC address? It asks the Switch or Router directly? what will happen?
Case 2: A wants to talk to C. So who will confirm that it belongs to a different network? how to get its MAC address?
Here is what I think it happens (please correct me if I am wrong) => The first thing a host must look for when sending data is the ‘final destination’ of these data, i.e., the IP address. We can say there are two options: first, final destination is IN the same network i.e., the dst host is ‘reachable’. Second, final destination is NOT in the same network, i.e., dst host is ‘unreachable’ but it knows the default gateway will take care of the routing to the final destination.
In case 1, Host B is in the same network, this means, it is expected that Host B MAC address is anywhere in the LAN Host A and B belong to. How can Host A know Host B MAC address? ARP request. It will send an ARP request in a broadcast mode, and hopefully Host B will reply with its MAC address. Problem solved: now Host A knows what to put in L2 header as destination (MAC) address.
In case 2 the process is exactly the same, except now it knows that, as Host C IP address is ‘unreachable’, it has to send the data to the default gateway. So it will proceed as before: ARP. What MAC address is Host A interested in? Default Gateway’s. So ARP to Default Gateways. This means that in this case Host A doesn’t care about Host C MAC address. L2 is aout next hop, and next hop is now the default gateway (or router). This gateway will know what is the next hop as will deliver the data according the routing table. In other words, L2 is about the near neightbourhood. And for something abroad, ask the default gateway 🙂
HTH
Brilliant =) Absolutely correct. You can see the process in this video discussing ARP.
In the ARP example when .10 from network 11.11.11.0/24 sends a packet to .20 in network 33.33.33.0/24 through the 22.22.22.0/24 network between R1 and R2, how does R1 know to forward the packet to R2.
A guess would be that:
1. R1 broadcasts a discovery packet asking everyone who knows of 33.33.33.20?
2. R2 responds that hey, my “hidden” network is responsible for that subnet and gives back MAC address
3. R1 sends frame (L2) to R2 that then forwards internally similarly as .10 sent the packet to R1.
Hi Matyas. R1 will have to be told of the 33.33.33.0/24 network, most likely with a Static Route, or possibly with Dynamic Routing. Then R1 will use the process outlined here to get the packet to R2
Thank you for this amazing blog. Please keep writing.
I really appreciate the way you explained the fundamentals of networking.
*When a Client is speaking to a host in the same network, it will ARP for the IP address of the host*
*When a Client is speaking to a host in a different network, it will ARP for the IP address of the Default Gateway*
As this article said, “ARP will use the known IP address, and discover the unknown MAC address.”.
Therefore, ARP is for the mac address, not ip address.
Hi Andy,
The intent of that phrase is the hosts will ARP to discover the MAC addresses associated with the IP Address of the Host or Default Gateway. The details of ARP are elaborated in this video.
Do the interfaces on the left and right of R1 share the same IP address?
Hello Jon. No, they don’t. Each Router interface has it’s own unique IP address. That is how the Routers know what IP networks they are connected to.
Hi,
A Little mistake:
It should not read “When a Client is attempting to speak to a host in the same network, the Client will issue an ARP request for the host’s IP address.”, but “When a Client is attempting to speak to a host in the same network, the Client will issue an ARP request for the host’s MAC address.”
The same applies to what’s said after “To summarize ARP’s operation”.
Regards
Stefano
Thank you, Stefano. I’ve updated the wording.
Dear Ed,
In case of different subnet, host will ARP for Default gateway’s unknown MAC address. What issues if host connects to L2 switch and L2 switch connects to two L3 switches. I mean that host issues ARP for default gateway to both L3 switches. What happen then?
Thank you very much.
The host is configured with only one default gateway — this is the IP they are ARPing for. If that IP only exists on one L3 switch, than only that one will answer. IF the IP is being shared by the L3 switches (as in HSRP or VRRP or something) then either L3 switch can/will respond with the virtual MAC address of the shared IP address. More details on L3 switches here: https://www.practicalnetworking.net/stand-alone/routing-between-vlans/
“When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway’s IP address.”
Because of the word “for” in the above, I thought you were saying that the client was using ARP to find out the Default Gateways’s IP address. This did not make sense to me, but I can now see, if you look at the meaning in the right way, that the ARP request is being made TO the Default Gateway’s IP address. For me, the use of “to” instead of “for” removes this potential confusion. Thanks for this series. I’m getting a lot from it.
Glad you enjoyed it, Daniel. I re-worded those sections to indicate the ARP is being done to resolve the Default Gateway’s MAC address. Hope that makes more sense =)
Typically, when two hosts are communicating, they already know each other’s IP address. They can know each other’s IP address from a variety of methods: sometimes it is manually provided by a user, sometimes by another protocol (often DNS). But the actual method employed is irrelevant (at least to this article series).
In the paragraph above, is it not supposed to be DHCP instead of DNS which provides IP address?
HI Ashwin. DHCP will tell a host it’s own IP address. DNS can tell a host another host’s IP address. In the paragraph you quoted, I’m stating DNS can be used to acquire the IP address of the other host being communicated with.
Hello Ed,
Great set of articles. Hands down, you are the best when it comes to explaining the networking concepts.
I do have the following question though. It’s stated everywhere that the L2 layer ie a switch is responsible for the hop to hop delivery of a packet. However, when a packet reaches a router, there is no switch in the picture and then it’s only routers that route the packet to the destination. Hence, my question is, why do we state that the L2 layer(i.e a switch) is responsible for hop to hop delivery? Isn’t it the router which eventually routes it to the correct path and hence is also responsible for hop to hop delivery as well. Kindly elaborate.
Hi kiran
Layer 2 is responsible for hop to hop delivery and uses MAC addresses not switch.
Hi Ed,
Could you please explain about broadcasting like how a packet is broadcasted(in terms of directed) from one network to different network??
A client in 10.10.10.x wants to broadcast (directed) a packet to all the hosts in 33.33.33.x. could you please explain the process??
Sure! I discuss Broadcasts in great detail here:
https://www.practicalnetworking.net/stand-alone/local-broadcast-vs-directed-broadcast/
“When a Client is speaking to a host in the same network, it will ARP for the MAC address of the host.”
How does the client know if the destination host is in the same network?
Does it always apply a subnet mask of 255.255.255.0 to figure this out?
Great question. A client knows it’s own IP and it’s own Subnet Mask, therefore it can do a little subnetting to determine what other IP addresses are on it’s own network. If the target host is in that range, it knows it is speaking to a host in the same network. If the target host’s IP address is not in that range, then it must use the Default Gateway.
this is really very simple and great explanation .
From what I understand a Hub, Switch and Router are not considered Host. Correct?
Hub / Switch can only be considered hosts if you are sending traffic TO the hub/switch. Otherwise, correct, they are not considered host.
Hosts and Routers are actually more similar than you think. I discuss the explicit difference in this video:
https://www.youtube.com/watch?v=AzXys5kxpAM
For below point
When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway’s MAC address.
I guess first ARP request will be generated with destination IP of gateway and once we have the MAC of gateway then it will construct further packets with actual IP as destination
Almost… except, the destination IP of the gateway will not be used. THe destination IP will still be the end host of the communication. More details here: https://www.youtube.com/watch?v=JI9Zm2tbUoE