Content source: https://www.youtube.com/watch?v=iV5fajdpb7c
The approach this video takes to explain the layers of a network is quite commendable: it is bottom-up, starting from the physical layer and building up the stack.
Data Link
- Starts by taking the example of a simple network where multiple devices are connected to a hub.
- Each device in the network has a unique address called the MAC.
- If device A wants to talk to device B, the data is sent to the hub, and the hub replicates it to all the connected devices.
- The communication happens using layer 2 frames.
- Frames contain a source and a destination MAC address.
- Since all the devices receive the frame irrespective of who it was sent to, only the device whose MAC address matches the destination MAC in the frame accepts it; the rest discard the frame.
- The video now introduces a switch, which has some intelligence.
- When the devices are connected, they advertise their presence.
- The switch caches the port-to-device (MAC) mapping.
- When a frame needs to be sent now, the switch knows which port maps to which MAC address, so it sends the frame only through that port, avoiding the noise we had in the case of a hub.
Where links break - Intro to IP.
- Links break when there are large networks or multiple small networks that are interconnected.
- MAC addresses being random is the root cause: how do we find the right device when there is no logic behind MAC addresses?
- The need for routable addressing gave birth to the Internet Protocol.
- IP has the concept of a network and a host.
- The concept of networks lets us eliminate candidates: we can rule out networks the destination is not in.
- The network is identified using the subnet mask.
- All devices in the same network must use link (MAC) addresses to talk to each other.
ARP
- Looking at the last point from above:
- We know the device is in my network and I know its IP, but the requirement says I need its MAC address to communicate with it, which I do not have.
- To address this problem we have a translation protocol that is used to get the MAC address given the IP.
- Here is how ARP works:
- Device A sends an ARP request to the switch/router, which then broadcasts it to every device, asking who has the IP that device A requested.
- One of the devices in the network will have that IP and will reply to the switch.
- Now the switch relays this information to the requesting device, that is, device A.
- There is no auth involved here, so someone could claim to be so-and-so when they are not and execute an ARP poisoning attack.
- The ARP (neighbour) cache on Linux can be viewed with the command: ip neigh show
- ARP only works within the same subnet/network.
- So a device in 192.168.1.0/24 cannot request the MAC of a device in 10.0.0.0/24.
The gateway
Now we have a way to talk within the network; how do we communicate with another network? That is where the gateway comes in.
- The gateway routes packets from one network to another.
- The gateway belongs to two different networks.
- Each device that is part of a network has this information configured: it knows which gateway to talk to.
Communication within a subnet
- As explained above, we use link addresses when 192.168.1.2 wants to talk to 192.168.1.15, as they are both in the same network.
- We embed the IP packet, which contains the source and destination IP addresses, inside the frame.
- When the packet reaches the other side, the kernel first checks whether the frame is addressed to it, then unpacks the IP packet and checks whether the IP is also addressed to it, rejecting the packet if not.
Inter-network communication
- Now let us assume 192.168.1.12 wants to talk to 10.0.0.13; clearly they are not in the same network.
- ARP cannot be used here because these are two different networks.
- This is where the gateway comes in.
- The device knows the default gateway and sends the packet to the default gateway instead of to the actual device.
- We use ARP to talk to the gateway.
- The data frame will have the source MAC of the device sending the data and the destination MAC of the default gateway.
- The IP packet will have the source IP of the device sending it and the destination IP of the machine it wants to talk to, that is, 10.0.0.13.
- The gateway receives it, unpacks the frame, and unpacks the IP packet. Unlike other devices, which reject a packet if the destination IP is not their own, the gateway is configured to accept such packets and forward them.
- Now the gateway, which understands the other side of the network, will use ARP to find the right device to send to.
- Before sending, it changes the source MAC in the frame to its own, while keeping the source and destination IP addresses intact.
- In some cases the IP addresses are changed too, for example in a NAT environment.
- Then a similar flow is followed back to the source.
Routing tables
There is always a possibility of having multiple gateways.
- Having a default gateway is great, but multiple gateways are also possible.
- We can only configure one default gateway for a machine.
- To solve this problem, the routing table was created.
- What a routing table says is: if you want to go to this network, go through this gateway, which is connected to this interface.
- The routing table has the following information:
  - Where do you want to go? (the destination network)
  - What is the next hop? If I want to go to the network above, what is my next hop?
  - Is it a direct link or not? Can I talk to it using link addresses, or do I send it to the next hop and let it worry about it?
  - Weight: the priority of the rule, used to pick the right rule.
  - Which interface to go through? Which interface is connected to my next hop, or to the network I can talk to directly if it is a direct link.
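To make the sender-side logic from the ARP, gateway and routing-table sections concrete, here is an added Python example (not from the video or these notes) using a constructed routing table and a constructed ARP cache: it does a longest-prefix match with the weight (metric) as tie-break, decides whether the destination is on a direct link or behind a next hop, and fills in the frame and packet headers the notes describe. All MACs, the 192.168.1.254 gateway and the interface names are made up.

```python
import ipaddress

# Constructed routing table: (network, next hop, direct link?, weight, interface).
# The 192.168.1.0/24 and 10.0.0.0/24 networks come from the notes; the rest is made up.
ROUTES = [
    ("192.168.1.0/24", None, True, 100, "eth0"),           # my own subnet, direct link
    ("10.0.0.0/24", "192.168.1.1", False, 100, "eth0"),    # preferred gateway (lower weight)
    ("10.0.0.0/24", "192.168.1.254", False, 300, "eth1"),  # backup gateway for the same net
    ("10.0.0.0/16", "192.168.1.254", False, 200, "eth1"),  # wider route, loses on prefix length
    ("0.0.0.0/0", "192.168.1.1", False, 1000, "eth0"),     # default route
]
# Constructed neighbour (ARP) cache, the kind of data `ip neigh show` lists.
ARP_CACHE = {
    "192.168.1.15": "aa:bb:cc:00:00:15",
    "192.168.1.1": "aa:bb:cc:00:00:01",
}
MY_IP, MY_MAC = "192.168.1.2", "aa:bb:cc:00:00:02"


def lookup_route(dst_ip):
    """Longest-prefix match; among equal prefixes the lowest weight wins."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for network, next_hop, direct, weight, iface in ROUTES:
        net = ipaddress.ip_network(network)
        if addr not in net:
            continue
        rank = (net.prefixlen, -weight)  # longer prefix first, then lower weight
        if best is None or rank > best[0]:
            best = (rank, network, next_hop, direct, iface)
    return best[1:] if best else None


def build_headers(dst_ip):
    """Decide whom to ARP for and fill in the layer 2 and layer 3 headers."""
    route = lookup_route(dst_ip)
    if route is None:
        raise ValueError(f"no route to {dst_ip}")
    network, next_hop, direct, iface = route
    # Direct link: ARP for the destination itself. Otherwise ARP for the next hop,
    # while the IP header still names the real destination (as in the notes).
    arp_target = dst_ip if direct else next_hop
    dst_mac = ARP_CACHE.get(arp_target)
    if dst_mac is None:
        raise LookupError(f"ARP request needed for {arp_target} on {iface}")
    return {"iface": iface, "via": network, "arp_target": arp_target,
            "src_mac": MY_MAC, "dst_mac": dst_mac,
            "src_ip": MY_IP, "dst_ip": dst_ip}
```

A destination whose next hop is not yet in the cache raises LookupError, which is exactly the point where a real host would broadcast the ARP request described above.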