Chapter 8: Data Link Layer
Metadata Card
| Item | Content |
|---|---|
| Difficulty | (Higher) |
| Prerequisites | Chapter 1 (Layering Model); Chapter 7 (DNS/CDN/LB) |
| Keywords | Ethernet, MAC address, frame structure, ARP, switch, VLAN, STP, MTU, Path MTU Discovery |
| Python | 3.8+ (using scapy for protocol details; optional ctypes for low-level simulation) |
| Code | ~110 lines |
Your Progress
"One layer down — the post road beneath your feet. The Data Link layer manages spell message transmission within the same post road: magic frames, beacon identifiers (MAC addresses), how stations forward, and the addressing spell (ARP) that translates post road coordinates into beacon identifiers."
Ethernet Frame Structure
┌──────────┬──────────┬──────────┬──────────┬──────────────┬──────────────┐
│Preamble │SFD │Dest MAC │Src MAC │EtherType │Payload │ FCS │
│(7 bytes) │(1 byte) │(6 bytes) │(6 bytes) │(2 bytes) │(46-1500 B) │(4 bytes) │
├──────────┴──────────┴──────────┴──────────┴──────────────┴──────────────┤
│ ← 14-byte header → ← 46−1500 bytes → ← trailer → │
│ ← Min 64 bytes, Max 1518 bytes (excluding preamble) → │
└─────────────────────────────────────────────────────────────────────────┘| Field | Size | Purpose | Looks Like |
|---|---|---|---|
| Preamble | 7 bytes | Clock sync pattern: 10101010 × 56 | 0xAA × 7 |
| SFD | 1 byte | Start frame delimiter: 10101011 | 0xAB |
| Dest MAC | 6 bytes | Receiver MAC. Broadcast = FF:FF:FF:FF:FF:FF | 00:1A:2B:3C:4D:5E |
| Src MAC | 6 bytes | Sender MAC | 00:1A:2B:3C:4D:5F |
| EtherType | 2 bytes | Upper protocol: 0x0800=IPv4, 0x86DD=IPv6, 0x0806=ARP | 0x0800 |
| Payload | 46-1500 bytes | Upper layer data (IP packet), padded if <46B | — |
| FCS | 4 bytes | CRC32 checksum for error detection | 0x12345678 |
ARP — IP to MAC Translator
ARP (Address Resolution Protocol) translates post road coordinates → beacon identifiers within a LAN:
Host A Host B
(192.168.1.10) (192.168.1.20)
│ │
│ 1. ARP Request (Broadcast) │
│ "Who has 192.168.1.20? │
│ I'm 192.168.1.10, MAC=AA:BB"│
│──────────────────────→│ (broadcast to all)
│ │
│ 2. ARP Reply (Unicast) │
│ "Me! 192.168.1.20's │
│ MAC is CC:DD" │
│←──────────────────────│ (only to A)Switch vs Hub
| Feature | Hub | Switch |
|---|---|---|
| Working Layer | Physical (L1) | Data Link (L2) |
| MAC Table? | No, forwards to all | Yes, forwards to target port only |
| Collision Domain | All ports share one | Each port independent |
| Broadcast Domain | All ports share | All ports share |
| Security | Everyone sees your packets | Others can't see (unless malicious) |
| Half Duplex | Yes | No, full duplex |
VLAN — Virtual LAN
VLAN splits one physical switch into multiple logical switches. Each VLAN is an independent broadcast domain. Ports 1-8 (VLAN 10), 9-16 (VLAN 20), 17-24 (VLAN 30) — traffic stays within its VLAN.
STP — Spanning Tree Protocol
STP solves loops by "pruning" the physical network into a logical loop-free tree. Redundant links are kept physically but only activated when the primary link fails. Port states: Blocking → Listening → Learning → Forwarding.
Traveler's Notes
Understanding the data link layer is like knowing how letters move through the postal system before they reach the highway. Ethernet frames are the trucks, MAC addresses are license plates, ARP is the address lookup directory, and switches are the distribution hubs. When you see "ARP request timeout" or "MTU black hole", you'll know exactly which layer to investigate.