The Data Link Layer

 The Data-link layer is the second layer from the bottom in the OSI (Open System Interconnection) network architecture model. It is responsible for the node-to-node delivery of data. Its major role is to ensure error-free transmission of information. DLL is also responsible to encode, decode and organize the outgoing and incoming data. This is considered the most complex layer of the OSI model as it hides all the underlying complexities of the hardware from the other above layers. 

Ethernet
The protocol most widely used to send data across individual links is known as Ethernet. 

Ethernet and the data link layer provide a means for 

software at higher levels of the stack to send and receive data. 

One of the primary purposes of this layer is to essentially abstract away 

the need for any other layers to care 

about the physical layer and what hardware is in use. 

So, for example, your web browser doesn't need to know if it's 

running on a device connected via a twisted pair or a wireless connection. 

It just needs the underlying layers to send and receive data for it. 

the Ethernet in use today is 

comparable to the Ethernet standards as first published all those years ago. 

In 1983, computer networking was totally different than it is today. 

One of the notable differences in land topology was that 

the switch or switchable hub hadn't been invented yet. 

This meant that frequently, 

many or all devices on a network shared a single collision domain. 

You might remember from our discussion about hubs and switches that 

a collision domain is a network segment where only one device can speak at a time. 

This is because all data in a collision domain is sent to all the nodes connected to it. 

If two computers were to send data across the wire at the same time, 

this would result in literal collisions of the 

electrical current representing our ones and zeros, 

leaving the end result unintelligible. 

Ethernet, as a protocol, 

solved this problem by using a technique known as 

carrier sense multiple access with collision detection. 

Doesn't exactly roll off the tongue. 

We generally abbreviate this to CSMA/CD. 

CSMA/CD is used to determine when 

the communications channels are clear and when the device is free to transmit data. 

The way CSMA/CD works is actually pretty simple. 

If there's no data currently being transmitted on the network segment, 

a node will feel free to send data. 

If it turns out that two or more computers end up trying to send data at the same time, 

the computers detect this collision and stop sending data. 

Each device involved with the collision then waits 

a random interval of time before trying to send data again. 

This random interval helps to prevent all the computers 

involved in the collision from colliding 

again the next time they try to transmit anything. 

When a network segment is a collision domain, 

it means that all devices on that segment 

receive all communication across the entire segment. 

This means we need a way to identify which node the transmission was actually meant for. 

MAC Address 

A MAC address is 

a globally unique identifier attached to an individual network interface. 

It's a 48-bit number normally represented by six groupings of two hexadecimal numbers. 

 

A MAC address is 

a globally unique identifier attached to an individual network interface. 

It's a 48-bit number normally represented by six groupings of two hexadecimal numbers. 

A MAC address is split into two sections. 

The first three octets of a MAC address are known as 

the organizationally unique identifier or OUI. 

These are assigned to individual hardware manufacturers by 

the IEEE or the Institute of Electrical and Electronics Engineers. 

This is a useful bit of information to keeping 

your back pocket because it means that you can 

always identify the manufacturer of a network interface purely by its MAC address. 

The last three octets of MAC address can be 

assigned in any way that the manufacturer would like with 

the condition that they only assign 

each possible address once to keep all MAC addresses globally unique. 

Ethernet uses MAC addresses to ensure that the data it 

sends has both an address for the machine that sent the transmission, 

as well as the one that the transmission was intended for. 

In this way, even on a network segment, 

acting as a single collision domain, 

each node on that network knows when traffic is intended for it.

Unicast

A unicast transmission is always meant for just one receiving address. 

At the Ethernet level, 

this is done by looking at a special bit in the destination MAC address. 

If the least significant bit in the first octet of a destination address is set 

to zero, it means that Ethernet frame is intended for only the destination address. 

This means it would be sent to all devices on the collision domain, but 

only actually received and processed by the intended destination. 

If the least significant bit in the first octet of a destination address 

is set to one, it means you're dealing with a multicast frame.

Multicast

 

A multicast frame is similarly set to all devices on the local network signal. 

What's different is that it will be accepted or discarded by each device 

depending on criteria aside from their own hardware MAC address. 

Network interfaces can be configured to accept lists of configured multicast 

addresses for these sort of communication.

Broadcast

An Ethernet broadcast is sent to every single device on a LAN. 

This is accomplished by using a special destination known as a broadcast address. 

The Ethernet broadcast address is all Fs. 

Ethernet broadcasts are used so that devices can learn more about each other.

Ethernet Frame

A data packet is an all-encompassing term 

that represents any single set of binary data being sent across a network link. 

It just represents a concept. 

One set of data being sent from point A to Point B. 

An Ethernet frame is a highly structured collection of information 

presented in a specific order. 

This way network interfaces at the physical layer can convert a string of 

bits, travelling across a link into meaningful data or vice versa. 

Almost all sections of an Ethernet frame are mandatory and 

most of them have a fixed size. 

The first part of an Ethernet frame is known as the preamble. 

A preamble is 8 bytes or 64 bits long and can itself be split into two sections. 

The first seven bytes are a series of alternating ones and zeros. 

These act partially as a buffer between frames and 

can also be used by the network interfaces to synchronize internal clocks they use, 

to regulate the speed at which they send data. 

This last byte in the preamble is known as the SFD or start frame delimiter. 

This signals to a receiving device that the preamble is over and 

that the actual frame contents will now follow.

This is the hardware address of the intended recipient. 

Which is then followed by the source MAC address, or 

where the frame originated from.

The next part of an Ethernet frame is called the EtherType field. 

It's 16 bits long and used to describe the protocol of the contents of the frame. 

It's worth calling out that instead of the EtherType field, 

you could also find what's known as a VLAN header. 

It indicates that the frame itself is what's called a VLAN frame. 

If a VLAN header is present, the EtherType field follows it. 

VLANs are usually used to segregate different forms of traffic. 

So you might see a company's IP phones operating on one VLAN, 

while all desktops operate on another.

 

A payload in networking terms is the actual data being transported, 

which is everything that isn't a header. 

The data payload of a traditional Ethernet frame 

can be anywhere from 46 to 1500 bytes long. 

This contains all of the data from higher layers such as the IP, transport and 

application layers that's actually being transmitted. 

Following that data we have what's known as a frame check sequence. 

This is a 4-byte or 32-bit number that represents a checksum value for 

the entire frame. 

This checksum value is calculated by performing 

what's known as a cyclical redundancy check against the frame. 

A cyclical redundancy check or CRC, is an important concept for 

data integrity and is used all over computing, not just network transmissions. 

A CRC is basically a mathematical transformation that uses polynomial 

division to create a number that represents a larger set of data. 

Anytime you perform a CRC against a set of data, 

you should end up with the same checksum number. 

The reason it's included in the Ethernet frame is so 

that the receiving network interface can infer if it received uncorrupted data. 

When a device gets ready to send an Internet frame, 

it collects all the information we just covered, like the destination and 

originating MAC addresses, the data payload and so on. 

Then it performs a CRC against that data and attaches the resulting checksum number 

as the frame check sequence at the end of the frame.

This data is then sent across a link and received at the other end. 

Here, all the various fields of the Ethernet frame are collected and 

now the receiving side performs a CRC against that data. 

If the checksum computed by the receiving end doesn't match the checksum 

in the frame check sequence field, the data is thrown out. 

This is because some amount of data must have been lost or 

corrupted during transmission. 

It's then up to a protocol at a higher layer to decide if that data 

should be retransmitted. 

Ethernet itself only reports on data integrity. 

It doesn't perform data recovery.

References:

Data Link Layer