The data link layer is the second layer (layer 2) of the seven-layer OSI model. The data link layer responds to requests from
the network layer above it and issues requests to the physical layer below it. This layer provides reliable transportation of
data across the network medium. The data link layer is concerned with services such as physical addressing, network topology, and
physical link management, synchronization, error control and flow control. The data link layer is divided into two sub-layers:
the media access control (MAC) layer and the logical link control (LLC) layer just above it. The MAC layer controls how computers
on the network gain access to the network in order to transmit data on it. The LLC layer controls services such as packet
synchronization, flow control and error checking.
Network Interface Card (NIC)
The modern Network Interface Card (NIC) is a an exmple of a device that operates at the data link layer. To clearly understand
how network function, you must understand how the NIC works. For a network to function, there must be a mechanism in place to
deliver packets to network nodes. This mechanism must give each system a unique identifier, just like a house has a unique
address. Inside of every NIC burned into a ROM chip is a 48-bit value called the media access control address, or MAC address.
The MAC address is the equivalent of a house's street address. The address is unique and does not change.
No two NICs should ever share the same MAC address. Organizations that manufacture NICs or equipment that has NICs built in, must register with the IEEE and request
a block of their own MAC addresses. They use the block of MAC addresses to assign them to the individual NICs they manufacture.
MAC addresses are generally expressed as a 12-digit HEX number rather than a 48-bit number. To figure out what a NIC's MAC address is,
you can do so by opening a command prompt and typing IPCONFIG /all.
The data link layer is where most local area network (LAN) are defined. Among the most common technologies and protocols
generally associated with this layer are Ethernet, Token Ring, FDDI, ATM, SLIP, and PPP. On modern networks, the most common
data link protocol is Ethernet. For two network hosts to be able to communicate directly with each other, they must communicate
using the same layer 2 protocol.
Network Switches are very common on modern networks. Network switches are actually multi-port bridges. The purpose of a
switch is to receives data from any device connected to it and then re-transmit the data only to that device for which the data
was meant for. This makes the switch a more intelligent device than a hub.
The switch uses the MAC address to determine how to move packets between its ports so that it can deliver it directly to the intended recipient. Network Switches maintain MAC tables in
memory. They use these tables to track the MAC addresses they "learn" about as traffic passes through the device. When a switch
sees a packet for the first time being received on a port, it tracks the MAC in its MAC table for that port. If it receives
a packet that is destined for a MAC address that it has learned, it switches the packet to the correct port. If a switch comes
across a MAC address it has not learned about, it switches the packet on all ports and all of the nodes connected to the switch
will receive the packet for further inspection. Unlike traditional LANs using hubs, network switches allow nodes to transmit at the
same time without causing collisions on the network. Switches have allowed networks to move above the 10 MHz range communicating in
How is the Data Delivered?
Conceptually, we know that data is converted into zeros and ones to be placed on the network. How does this actually work? Well, the NIC uses electricity to send and receive data. A zero equals no
electrical signal, while a one does equal an electrical signal. Data moving on the wire is seen as a pattern of electricity. The next question is, how does this pattern of electricity reach the target
system? It starts by the NIC putting the data chunks, also known as frames, on the network media. These frames are read by NICs, whether the NICs belong to a computer, switch, router, or any other network device. The
frames begin with the MAC address of the target system. In addition, the frame will contain the MAC address of the source system followed by the actual data being carried in the frame. The end of the frame contains
a section called the CRC, or cyclic redundancy check, which is used to ensure that the frame's integrity is intact. When the network switch receives the frame, it will check its MAC tables (as we previously discussed) to
determine which port to switch the frame to. The frame continues on its way until it reaches the target system. Once the target system receives the frame, the target NIC brings the frame into the system and up the
network stack for processing. The target system will continue to receive frames and eventually when all of the frames are received, the data is presented to the application.
If you have been reading along, the next logical question is how does the source system get the MAC address for the target system? Well, if the source system has not yet communicated with the target system, the
source system will send out a special broadcast packet called an ARP (address resolution protocol). When a system sends out an ARP packet, it creates a frame with a target MAC of FF-FF-FF-FF-FF. This frame is received
by all network nodes on the same subnet. The frame does contain the target IP address, so each node will accept the broadcast frame and check to see if their IP address matches in the payload. The network node that
finds a match will respond to the source with an ARP reply providing the source system with its MAC address. Once the source system has the target MAC Address, the two systems can directly communicate with each other.
Recommended Books & Training Resources