Layer 2 – Link Layer (Part One)

The Link Layer is a domain the operations team must be intimately familiar with, and I think it’s a real disservice to programmers that layer 2 issues are treated like some arcane secret. While there’s plenty of depth to explore here, even the basics will help you in a DevOps role, virtualized / container environment, or cloud deployment scenario.

Like Layer 1 (Media), as a developer you will not be working with Layer 2 (Link Layer) frequently. But it will make you an exceptional asset to your team and your organization’s operations and infrastructure team to be able to have conversations on these topics intelligently, as solving problems in a cross-discipline manner here is a competitive advantage for many organization.

This will be a series!

Check back at this page as I will be adding more articles over time.

Recall the following from the “Introduction to Networks” post:



A server was traditionally a separate computer with its own service applications. Client computers or client applications would interact with the server to get the resources they wanted – a file server shares files, a web server provides web pages, and an email server provides emails. In the age of cloud computing, this definition has expanded, so I’ll go into that more deeply in a separate article.


Clients are any application or hardware which needs access to a service. A web browser is a client for web servers – it requests the web pages that its user would like to see.

Network Equipment

  • Router
    • A router connects networks together, like your home network and the network your ISP operates.
  • Switch
    • A switch connects computers on the same network together, like your phone and your computer to your printer
  • WiFi access point
    • Broadcasts and receives WiFi radio signals to allow wireless access to a network
  • DHCP server
    • Assigns IP addresses on a network

You can have a very basic network at the Layer 1 stage… if you only like to talk to one person. But what if you want to talk to more than one other device? An early problem that networks needed to solve was what happens when you have three or more devices on a network, or if you have two devices that both want to talk.

On a handset radio, there is a convention to say “over” when you are done speaking, so that the other party knows they may transmit. This is because a handset radio can either receive or transmit, but not both at the same time. At lower layers of the network, you may find older or specialized equipment which does not support multiplexing which is the ability to transmit and receive at the same time.

Additionally, saying “over” when you are done speaking also lets the other party know they can move from “listening” to your instructions to “executing” on what you told them to do. The Link Layer sets up mechanisms for equipment to know how long to listen to data, and who the data is for on a network.

On a handset radio, sometimes it’s hard to hear what the other person is saying because of interference, which you’ll recognize as the sound of static and garbled words. Layer 2 devices can check to see if data has survived transmit intact via error checking, which is an extra little bit of data that should be the result of adding all the previous 1s and 0s together to get a number. If that bit of data doesn’t match, the device can ask its communication partner to retransmit. “Did not copy; over”.

There’s more to the tools available of Layer 2 than a handset radio can reproduce. On a handset radio, you don’t ever receive words out of order. But it’s possible for groups of transmitted data intended for a particular destination to get transmitted out of order. That means that the portions of networking equipment concerned with Layer 2 must also be able to number their transmissions, so that the intended recipient will know for sure which order they were in.

The mechanism that provides for all of these tasks is called a “Frame“, and it is frequently compared to Layer 3’s “Packet”, which you may already have heard of. “Frames” are logically like an envelope around the data you’re trying to send, although to Layer 1 media, a frame just looks like a slightly longer signal. Frames contain information like destination, origination, size, number of frames in the transmission, which frame in the sequence this is, and plenty more.

  • Destination
    • “Who should listen to this transmission? (Everyone, Anyone, Someone in Particular)”
  • Origination
    • “If you want to respond, who should you address to?
  • Size
    • “How many bits can I expect inside this transmission?”
  • Number of frames in the transmission, number in sequence
    • “How many frames should I expect to accept?”
    • What order should I assemble the frames in to be interpreted by other layers?

There is of course more to it than that, but since this is already getting long I will cover transmission logic more in depth later in a dedicated article about subnets and network topology.

“Subnet?” As in sub-network?

Oh yeah, baby. It’s subnets allll the way down. You see, one of the things network architects have to think about is how much broadcast traffic there is. Remember how we just determined that there are “Anyone” and “Everyone” options on frame destinations? Imagine you’re at a noisy sportsball game. Everyone is shouting. There’s free WiFi for attendees. All of their phones are shouting too – that’s why sometimes you can get worse WiFi in crowded areas. It’s because everyone’s phones have to wait their turn to shout!

One of the ways network architects and engineers can improve network performance is by creating and maintaining subnets for the purpose of limiting the scope of broadcast traffic. If the whole stadium is on the same network, then every time someone arrives and connects to the free WiFi so they can take and share pictures, the network gets a little slower. But if the WiFi is broken up into smaller groups, it’s a lot easier to manage.

(In reality, it’s likely that a stadium has one large guest subnet and simply provisions enough high performance WiFi access points to ensure quality of service. But for the sake of an accessible metaphor, let’s go with it.)

At the highest level of understanding, a subnet is a logical (as opposed to physical) network. For the stadium, maybe they’ll have WiFi advertise presence of a guest network for fans of one team, and a different guest network for fans of the other team. (I don’t know if stadiums actually do this since I’m not a sports attendee.) But for the purposes of this demonstration, you could be sitting anywhere in the stadium and connect to this network. This shows that the network’s subnet is independent of the physical location you are in (which side of the stadium, or part of the stands, or the administration offices); and therefore which WiFi access point you are connected to.

For analytics purposes, that might be nice to identify who are buying tickets without having to count people in the crowd for who’s buying merch – and also, who’s there with people who are buying tickets… but I’m getting distracted.

I’ve gone this long without talking about IP addresses on purpose. This is because while addressing is important, I think a lot of people get very concerned with addressing without understanding the context in which addressing arose. And in order to tell the story of IP addresses later, I need to tell you the story of MAC addresses now.

No, not Mac like Apple. MAC like Media Access Control. These addresses are traditionally hard coded onto whatever network interface card a computer had for connecting to cables or WiFi. (More on this in Part Two.) What this is is a name tag that a computer can use to identify itself without an IP address – since IP addresses are often assigned or can change, how will the networking equipment know how to contact you without an IP address so that you can be given one?

MAC addresses are written in hexadecimal and look kind of funny- like this example from Computer Networking Notes.

Without any separator: - 00000ABB28FC
Extra space after every two digits: - 00 00 0A BB 28 FC
Extra space after every four digits: - 0000 0ABB 28FC
Colon after every two digits: - 00:00:0A:BB:28:FC
Colon after every four digits: - 0000:0ABB:28FC
Period after every two digits: - 00.00.0A.BB.28.FC
Period after every four digits: - 0000.0ABB.28FC

Using MAC addresses, a device can advertise its presence on a network and do things like ask “Who do I talk to to get access to network resources?” and “Who else is here?”

These tasks are handled using something called “Address Resolution Protocol” and you can see it in action here using the command line tool arp:

arp -a
? ( at 24:5a:4c:5e:35:75 on en0 ifscope [ethernet]
one-amaat ( at a4:34:d9:a:90:79 on en0 ifscope [ethernet]
brw802bf99f8c88 ( at 80:2b:f9:9f:8c:88 on en0 ifscope [ethernet]
? ( at 36:b6:69:fa:f9:be on en0 ifscope [ethernet]
? ( at 64:b5:c6:c0:f0:71 on en0 ifscope [ethernet]
? ( at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? ( at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
? ( at 1:0:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

Some of these devices have human readable hostnames, but most on my network do not. There are a few different devices adjacent to me on my subnet, to foreshadow for Layer 3 that would be the network, and I want to draw your attention to a couple of really important MAC addresses here. There are a couple of 01:00:5E addresses – these are in 48bit and the newer 64 bit formats and represent the “multicast” or (Destination – some but not everyone) addresses.

The other really important one is just ff: for each group. That translates to all 1s in binary and is the “Everyone” destination or broadcast address. When a computer first tries to connect to a network, this is the address it will target to determine if it needs to authenticate (WiFi password) and who will give it an IP address.

Conclusion – for now

The Link Layer is where we start to see a lot more logical arrangement over physical media. Historically, Link Layer technologies have sat directly on physical media and security controls reflected this. In the next article(s), I’ll talk more about logical networking topology, how the Link Layer is expressed in virtualized or cloud environments, and how the Link Layer connects to our first layer of chief importance to developers – Layer 3, or the Routing layer.

Thank you for reading. Please let me know if there are any clarifications I can make or further questions I can answer either down in the comments, on LinkedIn, or hit me up on Mastodon.

Related Posts