How the Internet Works: the Link Layer

The Link Layer consists of the various hardware components of the physical network itself, and also some of the protocols that the internet uses to transfer data between those hardware components.

The Physical Network

The physical network is the hardware on which the internet runs. It consists of various devices and cables. The electricity and radio waves (when using WiFi) that the devices use to transmit data are also considered part of the physical network.

Some of the nodes (individual devices) on the physical network are computers, hubs, switches, routers and WiFi transmitters. (Most so-called “routers” in typical residential and small business internet installations are actually a combination of a router, a switch and a WiFi transmitter.)

Hardware: Hubs, Switches and Routers

Both hubs and switches are used to connect nodes together into a local area network, or LAN. Both have a number of cable ports (places to plug a cable into). The cables are used to connect each node’s Network Interface Card (NIC) to the hub or switch. But while the physical connection process is the same for hubs and switches (and, indeed, the devices themselves look very much alike), they behave quite differently.

Hubs are an older technology that simply takes an incoming signal and sends it out to every other port. When hubs became available, they made it a lot easier to connect a group of computers into a LAN. However, they are inherently non-scalable. A collision happens when two signals are sent at the same time on the network, and when this happens both signals have to be resent (one is resent a little after the other). Obviously, collisions slow down the network, and collisions increase exponentially as nodes are added to the network.

Switches solved this problem by adding a layer of software to send a signal only to its intended recipient. The nodes on the network plug into a box with a number of switches in it (called, not surprisingly, a switch box). Each switch has a list of all the nodes on its network, and uses each NIC’s specific address (called a Media Access Control address, or MAC address) to send a signal only to the node for which it is intended. This avoids the exponential collision problem when scaling.

Switches also avoid some security issues inherent in hub traffic. If every node receives the traffic from every other node, ways can be found to access the information. Since switches don’t send the traffic to any node other than the intended recipient, the traffic is less exposed.

For these reasons, switches have largely replaced hubs in physical networks.

Routers are used to send traffic from one network to another. Logically, from the standpoint of the LAN, routers are just like any other computer: they have their own MAC address, and switches have them in their “address book.” Traffic that is intended for the internet gets sent to the router, and the router sends it out into the internet. (How it actually does this, and how the traffic eventually gets to its destination node, are defined in the Link, Internet and Transport layers.)

Data Structure: Bits and Bytes

In physical terms, all digital information is expressed in terms of bits (short for binary digits). A binary digit (a base-two digit) can have a value of either 1 or 0, and is the fundamental unit of digital information. Every piece of software, from data storage architecture to firmware to device drivers to operating systems to software applications, is ultimately defined in terms of many millions (or billions or trillions or more) of ones and zeros.

For example, every picture element (pixel) on an average monitor screen has its current color defined in terms of 24 bits. Since 24 bits have 16,777,216 possible combinations, that is the number of color shades available for each individual pixel.

Machine language is the language that computer hardware understands, and consists entirely of combinations of ones and zeros. All software programs, no matter the language they are written in, ultimately get translated into machine language in some way before they execute.

There are many names for a sequence of bits sent out on the internet. Data, of course, is one of them. What the data is called depends on the logical context in which you are referring to it, but at the physical level, data is a stream of values called a signal. Data is expressed in terms of a binary (two) variation in a signal per unit of time, one value for 1 and one value for 0. For example, a digital electrical signal will have one voltage for a 1 and another for 0. Digital signals can also be expressed in terms of variations in an electromagnetic field or beam of light.

For human readability, bits are organized in various groups.

A byte is eight bits, meaning that it can represent 256 different combinations of bits. The term “byte” was not standardized as eight bits until 1993, so in technical descriptions, you will often see the term octet, which always means eight bits.

Bytes are usually represented with two hexadecimal, or base 16, integers, often abbreviated to hex. Hexadecimal representations use the numbers 0 through 9 and the characters A through F (these characters may be in either upper or lower case) to represent 16 different integer values. Hex is often used to represent bytes because eight binary digits can represent up to 256 values, or FF values in hex. So, byte values need three decimal digits to represent them, but only two hex digits. Meaning, hex is a more efficient way to represent bytes.

Using the example of a monitor, the color white can be represented by and black by #000000. All the other colors are some number between these two, so six digits for all of them. Again, decimal for FFFFFF is 16777216, or eight digits.

Bandwidth and Latency

Bandwidth and latency are important because they affect how long an internet page takes to load, and therefore affect a user’s perception of how well an internet application performs.

Bandwidth is a measure of capacity. It is the total amount of data that a network segment can send at a time. Latency is a measure of speed. It is the time it takes for a unit of data to travel from one end of the network segment to the other.

The analogy of an expressway that runs from point A to point B is helpful to explain these terms. Bandwidth is how many lanes the road has. Latency is how long it takes one car to get from point A to point B on the road. (The longer the distance, and/or the slower the car, the longer the latency.)

Bandwidth is primarily determined by what type of physical medium the network segment uses to transport data. Some cables and devices can transport data at 10 Mbps (megabits per second), while others can handle as much as 100 Gbps (gigabits per second).

There are four types of delay that contribute to latency:

• Propagation delay: this is the time required for a unit of data to move through the media between its source and destination. For example, a signal moves faster over fiber optic cable than over copper cable, so propagation delay per unit distance is lower on fiber optic than on copper.
• Transmission delay: this is the time required to break a unit of data into packets, check it for errors and put it on the wire.
• Processing delay: this is the time it takes a router to process a packet header, including checking the destination IP address and encapsulating the packet in a frame of the type required by the next hop.
• Queueing delay: this is the time a packet has to wait to get processed because a router is processing other packets.

Latency can be defined as the sum of these four delay types as applied to a unit of data.

Latency is one of the primary issues affecting design choices at higher layers, because ultimately it directly affects the user experience. Low latency is a goal, but lowering latency often comes at a cost of also lowering reliability. We’ll cover this in more detail in upcoming articles, but it’s important to keep latency in mind in every design decision.

Transferring data on the Link Layer

A transfer of data begins when a node on a network somewhere requests data from a different network on the internet.

Data is transferred in blocks called frames. The structure of a frame depends on the link protocol that the network is using, but all frame formats encapsulate (wrap or enclose) the data payload from the layer above (the Internet Layer) with information that explains how to send it across the network.

The most common link-layer protocol in use — by far — is Ethernet.

MAC Addresses

The Ethernet protocol uses MAC addresses to identify where to send data requests and responses. A node’s MAC address is a globally unique value that is “burned” into the read-only memory (ROM) of the node’s network interface card, (NIC). So, theoretically, no two nodes anywhere in the world have the same MAC address. “Theoretically” because duplicate MAC addresses due to manufacturing errors, hacking, or administrative errors have occurred, although these are extremely rare.

MAC addresses are six bytes, or 48 bits, long, usually notated as six groups of two hex digits separated by a colon or hyphen, e.g. 0e:da:4c:53:f0:b4. The first three sets of values are a three-byte ID assigned to a specific manufacturer; for example a NIC with a MAC address beginning with 60:33:4B was manufactured by Apple. The last three bytes are the serial number for a specific NIC, as assigned by the manufacturer.

Ethernet Frames

An Ethernet frame contains the following:

1. Source MAC address. Six bytes.
2. Destination MAC address. Six bytes.
3. Length of the data being sent, or the data payload. Two bytes.
4. Destination Service Access Point (DSAP), Source Service Access Point (SSAP) and Control. One byte each for DSAP and SSAP; Control may be either one or two bytes. These give specifics about the protocol being used by communicating networks. (These three together are also called the LLC header, for Logical Link Control.)
5. The data payload.
6. A frame check sequence. This is generated by an algorithm based on the value of bits in the address, type, and data fields. If the check shows corrupt data, the frame is dropped.

Basically, then, a frame consists of a source MAC address, the destination MAC address, some other metadata for control purposes, and the payload. (The payload is an Internet Layer PDU, which is called a packet. We'll cover packets in the next article.)

How Ethernet Frames Are Sent

To send an Ethernet frame, the sender first sends the recipient a preamble and a start-of-frame delimiter (SFD). These are used to notify the receiving device that a frame is on the way. The Ethernet preamble consists of seven octets, each set to 10101010; the SFD is one octet, set to 10101011. So, basically, a bunch of 10 sequences gets the listener’s attention, and then a 11 tells the listener that the frame is coming next.

Frames are also sent with a small gap between them, called, not surprisingly, an interframe gap or IFG. The standard size of this gap is 96 bit-times, or the amount of time required to send 96 bits across a given point on the medium in use. As such, the actual length time of this gap varies with the physical medium in use; faster media will have shorter IFGs than slower media in terms of actual time.

The underlying reason for an IFG is to give the receiving device time to decode the frame and reset for the next one. It’s important to be aware of IFGs because if two different Ethernet cards are having trouble transmitting data it can be because they are each working with different IFG time.

Ethernet frames define how to send data over the internet, but not where. Using MAC addresses to work out where to send frames is unworkable.

MAC addresses are not structured hierarchically. This means that, while every physical device has its own MAC, there’s no way to organize different MACs by their physical location. In a post office analogy, suppose every house and office had a unique number, but no street, city, state or zip code. A piece of mail would have to be sent all over the world until it found the right house! So, if MAC addresses were used to figure out where to send data between networks, each message would have to be broadcast worldwide, flooding every node in the world with messages not its own, from which it would have to pick out messages with its own MAC address on it. Clearly, this is unworkable; nearly all messages that a given node received would be for a different one.

This problem of where to send data is solved at the internet layer, which implements a hierarchical system of addressing. The next article, How the Internet Works: the Internet Layer, will explain how the internet layer uses IP addresses to determine where data is to be sent.