Ethernet at the Data-Link Layer
At the data link layer, Ethernet specifies what the data should look like, including the header and trailer. The protocol is defined by IEEE 802.3 and divides the data link layer into two sublayers: the Logical Link Control (LLC) sublayer and the Media Access Control (MAC) sublayer.
The MAC Sublayer
802.3 specifies a sublayer within Ethernet called the Ethernet Media Access Control sublayer. This acts as an interface between the physical layer and the higher-level services of a network interface.
Ethernet Frame vs Ethernet Packet
Technically 802.3 defines both a Media Access Control (MAC) frame and a MAC packet.
An Ethernet MAC frame includes a destination address, source address, length/type, payload plus padding and finally a frame check sequence (FCS).
An Ethernet MAC Packet encapsulates the MAC frame, adding a preamble and a 'start of frame' delimiter.
Most texts (and engineers) will use ‘frame’ or ‘Ethernet frame’ to refer to the complete ‘Ethernet Packet’ from the preamble to the FCS. When people refer to a packet, they will almost always be referring to an IP packet at the internet layer.
The most common form of an Ethernet PDU is summarised below.
Ethernet Shared Media compared to Point to Point links
Historically, LANs could use 'shared media' which meant that layer 2 devices called hubs were used to connect devices on the network. Hubs simply repeated the signals received on one port out of all the other ports which meant that the total bandwidth was shared across the whole network. This means that if different devices transmit data at the same time, the electrical signals may 'collide'.
Modern networks use switches at layer two. Switches are more advanced than hubs and treat each port as a separate, point to point link. This means that bandwidth is no longer shared across the whole LAN. Therefore the switch acts as a boundary to prevent collisions from happening across the network.
Length: 7 bytes (56 bits)
The Ethernet Preamble is a series of alternating ‘1s’ and ‘0s’ which enables a receiver to synchronise with the transmitter.
Start of Frame Delimiter
Length: 1 byte (8 bits)
The start of frame delimiter indicates to the receiver the end of the preamble and therefore the beginning of the other Ethernet header content.
The MAC address of the intended recipient, or recipients of the frame.
The MAC address of the sender.
Type / Length
In modern networks, this field is used for the EtherType which indicates what
type of data is encapsulated. For example, a value of
0x0800 would mean that
the frame encapsulates IP data. The IEEE maintains the official registry
of available EtherTypes.
Ethernet Payload / Layer 3 Data / Client Data
Data from a higher layer which is being encapsulated. This is most often an IPv4 or IPv6 packet. To fit in a typical frame, the maximum length of the packet is 1500 bytes. Therefore, we say that the layer 3 Maximum Transmission Unit (MTU) is 1500 bytes for Ethernet.
Because the minimum length of a payload is 46 bytes, if the payload is less than that then padding is added.
Frame Check Sequence (FCS)
The Ethernet FCS is a cyclic redundancy check which allows the recipient to check whether the data has been corrupted.
Ethernet frames include a source and a destination Media Access Control (MAC) address. Generally, each interface on a network will have a MAC address – whether it’s a port on a switch, a network interface card (NIC) in a computer or a WiFi chip in a phone. There are also special addresses for sending frames to multiple recipients.
All MAC addresses are 48 bits (6 bytes) long and are typically represented using hexadecimal (hex) notation. If the first bit of the destination address is 0, the address is a unicast address which means that it is intended for a single recipient. If the first bit is 1 then the address indicates a group address.
Unicast MAC Addresses
Messages being sent to a single device use a unicast or individual address. It is important that each device on a network has a unique Ethernet address so that frames get sent to the correct device. To ensure this, all ethernet hardware is assigned a globally unique MAC address for each interface by the manufacturer.
Consequently, MAC addresses are also called burned-in addresses (BIA).
Some operating systems, or software make it possible to alter the MAC address of a given interface. This can be done for privacy reasons, network requirements (for example, networking with virtual machines) or for more nefarious purposes.
Unicast addresses are formed of two equal parts: an Organizationally Unique Identifier for the manufacturer and an interface specific identifier.
Organizationally Unique Identifier (OUI)
Length: 24 bits (3 bytes)
Every vendor of Ethernet equipment should have their own unique OUI which has been assigned by the IEEE.
Vendor Assigned, Interface Specific Identifier
Length: 24 bits (3 bytes)
The vendor is responsible for assigning the last 24 bits which should an identifier unique to that manufacturer so that no two devices have the same address.
Other MAC addresses may be associated with none or more devices on a network.
Multicast MAC Addresses
Multicast addresses may be used to send messages to a specific group of devices on a network. The details of operation must be configured at a higher layer. For example, the Cisco Discovery Protocol (CDP) uses multicast addresses.
The broadcast address is used to send a frame to all devices on the local area network. The broadcast address has all bits set to ‘1’ which is FF:FF:FF:FF:FF:FF in hex.
What does OUI stand for?
What does MAC stand for?
Which service is not provided by Ethernet.
Addressing between physical interfaces.
A check for the recipient that the raw data being transmitted does not contain errors.
Confirmation for the sender that data has reached the recipient.
An ability to broadcast to all interfaces on the same LAN.
What is the maximum length for the client data payload in a standard Ethernet frame?
There is no defined maximum.