10  Network access layer – Ethernet

  • Within Local Area Networks (LANs), Ethernet has become the most common network access technology. Ethernet is a family of related protocols standardised by the Institute of Electrical and Electronics Engineers (IEEE) in the IEEE 802.2 and 802.3 standards.
  • Ethernet standards define the protocols and technology used within the network access layer. The network access layer accepts packets from the Internet layer and prepares them for transmission over a wide range of physical transmission media.
  • Unlike the other layers of the TCP/IP protocol model, which are software based, network access is implemented in both hardware and software. When you install an Ethernet NIC, it provides appropriate hardware for physical connectivity and signalling for a particular type of transmission media, and provides software for framing and media access control services.
  • Ethernet has evolved to support the demands of modern networks, and can operate over a wide range of speeds. Originally designed to operate at 10 Mbps over coaxial cable, it now supports both unshielded twisted pair (UTP) and fibre optic media, and commonly supported data rates within LANs are 100 Mbps, 1 Gbps and 10 Gbps, although it can support much greater speeds in specialised environments such as data centres.
  • One function of Ethernet is to encapsulate Internet layer packets into PDUs called frames. The frame format remains consistent across all the popular Ethernet speeds, allowing older Ethernet systems to operate alongside newer variants:
Figure 13
  • The important fields to note are:
    • Destination address: the 48-bit MAC address assigned to the NIC. Unlike IP, this address is assigned permanently to the NIC during manufacture.
    • Source address: the 48-bit MAC address of the device to which the frame is sent.
    • Type: the SAP identifying the Internet layer protocol packet encapsulated within the frame. A SAP of 0x800 is used for IPv4, and 0x86DD for IPv6.
    • Data: the payload carried by the frame, typically a packet from either IPv4 or IPv6. The maximum size of a packet that a frame can carry is 1500 bytes.
    • Frame check sequence (FCS): a mathematically generated code used to check that the frame has not been damaged during transmission – similar in function to the check-sum used by TCP. Unlike TCP, if Ethernet determines that a frame has been damaged, it drops it and relies on TCP to arrange for retransmission of the segment the frame contained.
  • Network access protocols control when and how frames are transmitted over a particular transmission media, a technique referred to as media access control (MAC). The addresses used by Ethernet are named after this technique.
  • Ethernet was originally designed to work on networks implemented as bus topologies, where all the devices were connected together using a single coaxial cable.
Figure 14
  • The bus topology required the connected devices to take it in turn to send frames. This was because multiple frames travelling across the coaxial cable simultaneously would cause a collision, and this would prevent them being delivered to their destinations.
  • To manage this process, Ethernet implements a media access control technique called carrier sense multiple access with collision detection (CSMA/CD). This forces devices to monitor the coaxial cable for the presence of frames (carrier sensing), and to wait until the cable is clear prior to transmitting their own. It also provides a mechanism for recovering from collisions in case the carrier sensing fails to prevent multiple frame transmission.
  • Bus topology systems using coaxial cables have been superseded by star topology networks that use UTP cabling.
Figure 15
  • Because UTP contains separate wires that support transmission and reception of frames, a star topology network connected by an Ethernet switch allows all devices to send and receive frames simultaneously without the risk of causing frame collisions. This means that CSMA/CD is not typically utilised in a modern network, although it is still available to provide compatibility with older systems.
  • Ethernet is capable of connecting to coaxial, fibre optic and UTP transmission media, each of which requires a particular type of physical interface. The physical interface provides a suitable socket allowing the connection of a particular type of transmission media. It also contains hardware capable of converting the Ethernet frame into a signal suitable for transmission over the media. For example, Ethernet UTP connections use electrical signals for frame transmission, whereas fibre optic uses pulses of light.
  • Ethernet NICs typically only support one type of physical interface, so it is important to select the correct card based on the transmission media in use.
Figure 16
  • Ethernet UTP NICs are the most common, and most cards can support a range of Ethernet speeds. For example, a 1 Gbps (Gigabit Ethernet) NIC will also be able to support 10 Mbps (Ethernet) and 100 Mbps (Fast Ethernet) operation. When you connect an NIC to an Ethernet switch, the two devices will negotiate the data rate and adopt the highest rate supported by both.
  • Note that although the frame used by Ethernet is currently the same for most common varieties of the protocol, the actual physical signalling requirements are dependent on the data rates used. For example, 100 Mbps (Fast Ethernet) utilises four of the wires in a UTP cable, whereas 1 Gbps (Gigabit Ethernet) utilises all eight wires. Ethernet frames use a unique identifier called a MAC address to identify source and destination devices within an Ethernet network. An Ethernet MAC address is a 48-bit binary value, written as 12 hexadecimal digits, and every NIC card has a MAC address assigned to it during the manufacturing process.
  • MAC addresses are globally unique. They are controlled by the IEEE, who allocate addresses to vendors. Vendors must register with the IEEE, who assign them unique a 24-bit (3-byte) code called an organizationally unique identifier (OUI).
  • All MAC addresses assigned to an NIC or other Ethernet device must use that vendor’s assigned OUI as the first 3 bytes. The remaining 3 bytes are assigned a unique vendor code (serial number):
Figure 17
  • Ethernet uses MAC addresses to manage the delivery of frames locally with a LAN, as opposed to IP addresses, which are used to provide end-to-end connectivity across multiple networks.

The role of MAC addresses in retrieving a webpage

  • The diagram above shows the PC1 accessing a webpage from a WWW server, which you saw previously when you examined the role of transport layer ports. In this version the diagram shows the MAC addresses assigned to the Ethernet NICs of PC1 and the server.
  • In the diagram, PC1 creates a segment containing the HTTP GET request, and selects appropriate source and destination ports. The segment is passed to IPv4, which encapsulates it within a packet containing the source IP address of PC1 and the destination IP address of the server.
  • The packet is passed to the NIC, which encapsulates it within a frame containing the source MAC address of PC1’s NIC and the destination MAC address of the server NIC. The frame is converted to an appropriate signal for the transmission media and transmitted into the network.
  • Network Ethernet switches use the destination MAC address within the frame to forward it towards the server. When the frame arrives at the server, it is accepted because the destination address it contains matches the MAC address of the server’s NIC.
  • The server performs de-encapsulation to recover the packet and checks it to ensure that the destination IP address matches that assigned to the server. If it does, then the frame is again de-encapsulated and the segment is passed to the transport layer.
  • Because MAC and IP addresses uniquely identify two devices, it is considered to be a unicast transmission. However, some network protocols need to communicate with all the devices in a local IP network simultaneously, which requires a broadcast transmission.

Broadcast transmission

  • The diagram above shows PC1 sending the same information to three different PCs in the same IP network. It is using the Address Resolution Protocol (ARP), which operates as a broadcast within an IP network. (Note that you will explore ARP [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] further in the next course.)
  • ARP creates a segment, which is encapsulated within a packet address, using the source IP address of PC1. However, the destination IP address is the ‘’ address reserved by IPv4 for broadcasting to all devices within an IP subnet.
  • The broadcast packet is encapsulated by the NIC into a frame, again using the source IP address of PC1. The destination MAC address is FF:FF:FF:FF:FF:FF, which is reserved by Ethernet for broadcasts to all devices within the local network.
  • Network Ethernet switches forward the broadcast frame to all devices within the IP network, so client devices PC2, PC3 and PC4 all receive copies of the frame. Each device examines the frame, and although the broadcast destination address does not match the MAC address of their NIC, they de-encapsulate it and pass the packet to IPv4.
  • IPv4 also accepts the packet because it recognises and accepts the broadcast IP address, and passes the segment to ARP.

Activity: ARP

Read the description of broadcast transmission in the box above. Can ARP use a broadcast to return information to PC1?

To use this interactive functionality a free OU account is required. Sign in or register.
Interactive feature not available in single page view (see it in standard view).


ARP could use a broadcast, but it will be able to identify PC1 using the source MAC address it finds in the frame carrying the ARP request, so it will use this instead.

9  Internet layer – IPv6

11  Ethernet switch operation