TCP/IP Network Layer Protocols As with all protocol suites, TCP/IP has protocols which work at the Network Layer of the TCP/IP Stack (the OSI Model’s Data Link and Physical Layers). There are six main protocols at this Layer: Media Access Control (MAC) Address Resolution Protocol (ARP) Open Shortest Path First (OSPF) Point-to-Point Protocol (PPP) Layer 2 Tunneling Protocol (L2TP) Neighbor Discovery Protocol (NDP) Let’s go over each of these in detail. Media Access Control Protocol (MAC) Physically, the MAC layer of the OSI Model is where Frames are converted to bits for transmission on the network medium. When receiving data, the opposite is true that the bits are converted to frames. The Media Access Control (MAC) is responsible for determining which packets are meant for the local system. When data is received by a Network Interface Card (NIC), the system is not aware if the information is meant for the local system. All data sent on a network is received by all devices. Once placed back into a frame, a portion of the frame is checked to determine the MAC Address to which the frame is destined. If the MAC Address matches the local NIC, the frame is accepted and sent to the next higher Stack Layer. If the MAC Address does not match the local system, the frame is discarded. Each NIC has a 48 bit MAC Address, or six bytes. The MAC Addresses are supposed to be unique to each NIC, but duplicates can occur. If two NIC’s have duplicate MAC Addresses on the same network, one will not connect to the network as long as the other system is on and connected. MAC Addresses are managed and resolved by the Address Resolution Protocol (ARP). Address Resolution Protocol (ARP) When information must be sent to a host, the MAC Address must be known by the sending host. TCP/IP first checks the ARP cache for the MAC Address of the other host. If the MAC Address exists, it uses the address from the cache. If the address is not in cache, a broadcast is sent to the network looking for a system with the specified IP Address. The MAC Address listed in this frame is FF-FF-FF-FF-FF-FF since it is unknown. Each system retrieves the frame and accepts delivery since the MAC Address is unknown. The frames are sent up the TCP/IP stack to the Internet Layer where the IP Address is checked. The host with the matching IP Address responds to the query with a basic frame. The frame includes the system’s IP Address (already known) and its’ MAC Address. Once the first system receives the frame it notes the MAC Address of the system and places an entry in the ARP Cache. The entry includes the IP Address and the MAC Address. There can also be a setting to show if the information was added dynamically (by the process just discussed) or if the entry is static (manually entered). NOTE: The MAC Addresses are saved for hosts on the local network. Open Shortest Path First (OSPF) NOTE: TCP/IPv4 uses OSPF version 2 while TCP/IPv6 uses OSPF version 3. Networks have become very large and the Internet is a great example of a large network. Frames travelling across the Internet, or even in small WANs, need to be routed to the proper destination. Routers can handle information in one of two ways: forward and route. To forward information is to send it to the appropriate network. To route a frame is to send the frame to the next router in the necessary “direction” of the proper destination. OSPF is used to construct a routing table of the local network. Let’s look at an example: As you can see from the Figure each Router is connected to its’ own network. Router A is connected to Routers B and C, Router B is attached to Router C and Router C is connected to Router D. If someone on Subnet A wants to send information to a server on Subnet B, it forwards the information to the Gateway (Router A). Router A can check the frame for a destination IP Address. The Router checks its’ Routing Table to determine where the destination subnet is located in the network topology. It can determine that the subnet is attached to Router B, so it routes the frame to Router B. Router B receives the frame and forwards it to the local server on its’ subnet. The example seems simple but what happens if the connection between Router A and Router B breaks? If Router A loses connectivity to Router B its’ Routing Table can be checked to know that Subnet B can be reached through Router C. Information can then be routed to Router C, which routes the information to Router B. The frames can then be forwarded to Subnet B in this new route until the connection is reestablished. You may be asking how the router knows all of this information to create a Routing Table. OSPF is the protocol that sends out multicast frames to other routers. Each router has a table of its’ local subnet and can detect neighbor routers. NOTE: A neighbor router is one to which a router has a direct connection. For example, in the above figure Router A has neighbor routers of Router B and C. Each router shares its information of neighbor routers with the other routers. Once the routers are all updated from each other a packet can be routed along the shortest path. As you can see, this is where the name comes from because it routes along the shortest path first. So let’s look back at the example of Router A and B losing connection with each other. Each router sends a multicast at set intervals. When a route is no longer available, it removes the link from the list. Now when a frame comes to Router A and needs to go to Subnet B, the Routing Table can show that the shortest path is through Router C. When the link goes down, all routers will update their routing table as they receive updates from their neighbor router. Once the link is working, the table will be updated again to routers. Point-to-Point Protocol (PPP) PPP is used to create a connection between two systems. The protocol can manage authentication, encryption and compression. Most people who have connected to the Internet using a modem may recall using PPP. IP packets cannot be sent over a phone line by itself so the IP packets had to be sent through a PPP link. PPP allows for fast and secure connections over synchronous and asynchronous connections like serial, phone and other types. For Ethernet networks, Point-to-Point Protocol over Ethernet (PPPoE) can be used for secure connections between two systems. Layer 2 Tunneling Protocol (L2TP) The L2TP protocol is used to create a tunnel between two systems to create a Virtual Private Network (VPN). L2TP does not supply any type of security or privacy for the connection, but when used in conjunction with IPSec, these issues are resolved. L2TP can allow for various offices to extend their local network to connect all offices over the Internet and retain privacy (when using security such as IPSec). Neighbor Discovery Protocol (NDP) NDP is the same as OSPF except for IPv6. NDP has built in security, built in ARP function as well as Inverse ARP. NOTE: ARP and Inverse Arp are discussed in the TCP/IP Application Layer Protocols article. OSPF is currently more used since IPv4 has not been phased out by IPv6. All of these protocols work together to make the Network Layer of the TCP/IP stack function as needed. The protocols of all the layers work together to make TCP/IP the protocol suite of choice for the Internet.