
Routers use the IP layer (layer 3) and switches use the data-link layer (layer 2).

Layer 1 is the physical 1s and 0s that go over a wire, Layer 2 is the data-link layer, which is
protocols like Ethernet and Point-To-Point Protocol (PPP), which carries information between
adjacent nodes about MAC address from and to and allows for error detection and
retransmission. Layer 3 is the IP layer, which carries information about where in the whole
network the packet is from and to, not just the current hop.


The transmission would go like this:


Machine A wants to send a packet to Machine B. Machine A knows Machine B's IP
address, so it places that in the layer 3 packet. Machine A needs to place the MAC
Address of the next hop in the layer 2 packet, however. If it does not know, then it will send
something called an ARP request (Address Resolution Protocol, read
here: http://www.tildefrugal.net/tech/arp.php ) to the network, with the destination IP. One of
a few things will happen here:
1. The IP is local. The machine with that IP will reply back to the sender with its MAC
address.
2. The IP is non-local. The gateway router will detect this and send its MAC address.
3. The IP is non-local and Machine A's default gateway and subnet mask are set.
Using this information Machine A can determine the non-locality of the IP address and
send it to the router's MAC address (ARPing if not known yet).
(If Machine A found this out earlier, it will be in the ARP cache and Machine A will just use
that.) Now that the MAC address is sent, the packet can be transferred (the physical layer
1 performing the actual transfer of data on the wire). The next stop will be the switch. The
switch knows which outbound port the MAC address listed as the layer 2 destination is on,
because it tracks every MAC address it's seen a packet come from and which port it came
on - if it does not know, then it will flood it out every single port, guaranteeing it'll arrive.
As such, the packet arrives at the router. The cool thing about the IP model is that it divides
every single IP address in the network/world into a hierarchy - Subnets by definition cannot
overlap subnets partially, they either wholly contain them or are wholly contained by them.
So as long as subnets follow this hierarchy, the router can unambiguously determine
where each of the 4 billion possible IP addresses are on the network just by looking at
what subnet the IP will fall under in its table! The packet is then sent out that port.
As the packet travels through interconnected ISPs' routers, backbone infrastructure and so
on, it arrives at Machine B's router, where the opposite process happens - router B sees
that it's destined for Machine B and sends it inbound. (Similarly, Router B will have to use a
process like ARP to find Machine B's MAC address if not known.) The rest should be trivial
from here.

I am familiar with the basic OSI model but I always get confused how does a packet travel
from one machine to another over the Internet and what OSI layers do come into picture?
For example, for the following topology:

Machine A<----->Switch<---->Router<---->Router<---->Router<---->Switch<---->Machine B


where the multiple routers are shown to represent the Internet, what happens at the OSI
layer level, when Machine A sends a packet (say a simple "ls" command over FTP) to
Machine B.
The above is just a suggested example, but if anyone can explain with any other network
topology, that is fine too. All I am looking for is a very basic explanation of how the packet gets
transformed to different OSI layers at each node (Machine, Switch, Router, etc.).

ANDING PROCESS TO FIND SUBNET


We spent time determining the valid ranges of addresses on a given subnet for a reason. Recall from our earlier
look at TCP/IP communication that when a host wishes to communicate with another host, it must first
determine whether the destination is local (on the same subnet) or remote (on a different subnet). In cases
where hosts are local, they can communicate directly. In cases where the destination host is on a different
network, the packets must be sent to a router, which will then forward them along on their journey to the
destination network.
In order to determine whether a destination host is local or remote, a computer will perform a simple
mathematical computation referred to as an AND operation. While the sending host does this operation
internally, understanding what takes place is the key to understanding how an IP-based system knows whether
to send packets directly to a host or to a router.
An AND operation is very simple: two binary digits are compared, and based on their combination, a
resultant value is formed. It is neither adding nor subtracting, so do not consider it as such. In the simplest
terms, there are only three possibilities when ANDing two binary digits. The list below outlines these operations
and their results.
0 AND 0 = 0
0 AND 1 = 0
1 AND 1 = 1
Notice that when the binary digits 1 and 1 are ANDed, the result is 1, and that any other combination produces
a result of 0.

The question now becomes how this is actually used. When a host wishes to figure out whether a destination
host is local or remote, it goes through the following steps.
1. The host takes its own IP address and ANDs it with its own subnet mask, producing a result.

2. The host then takes the destination IP address and ANDs it with its own subnet mask, producing
another result.

3. Finally, the host compares the two results. In cases where the ANDing results are identical, it means
that the hosts reside on the same subnet. In cases where the results are different, it means that the
destination host is remote.

Consider this example. Computer A has an IP address of 192.168.62.14 with a subnet mask of 255.255.248.0.
It wishes to communicate with host 192.168.65.1. In order to determine whether this destination is local or
remote, it will go through the ANDing process. Its IP address and subnet mask are lined up in binary, and then
vertically compared to find the AND result. The same is then done for the destination address, again using the
subnet mask of the source host. This is illustrated in the figure below.
Figure: The ANDing process.
Notice that when the resulting AND values are converted back to decimal, it becomes clear that the two hosts
are on different networks. Computer A is on subnet 192.168.56.0, while the destination host is on subnet
192.168.64.0, which means that Computer A will next be sending the data to a router. Without ANDing,
determining local and remote hosts can be difficult. Once you're very familiar with subnetting and calculating
ranges of addresses, recognizing local and remote hosts will become much more intuitive.
Whenever you're in doubt as to whether hosts are local or remote, use the ANDing process. You should also
notice that the ANDing process always produces the subnet ID of a given host.
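
The three ANDing steps above, run on Computer A's addresses, as an added example that is not part of the original text. It also prints the binary line-up the figure showed and rejects a mask whose 1 bits are not contiguous; the function names, the gateway 192.168.56.1 and the second destination 192.168.57.200 are assumptions made for the illustration.

```python
import ipaddress

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def to_bits(value: int) -> str:
    """Render a 32-bit value as dotted binary octets, as in a lined-up figure."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def check_mask(mask: str) -> int:
    """Return the mask as an int, rejecting masks whose 1 bits are not contiguous."""
    m = to_int(mask)
    inverted = ~m & 0xFFFFFFFF          # host bits; must look like 0...01...1
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return m

def subnet_id(addr: str, mask: str) -> str:
    """AND an address with a mask; the result is the subnet ID."""
    return str(ipaddress.IPv4Address(to_int(addr) & check_mask(mask)))

def next_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """Steps 1-3: AND both addresses with the sender's own mask and compare.
    Identical results mean local delivery; otherwise the frame goes to the router."""
    return dst if subnet_id(src, mask) == subnet_id(dst, mask) else gateway

def lineup(addr: str, mask: str) -> str:
    """Address, mask and AND result stacked vertically in binary and decimal."""
    a, m = to_int(addr), check_mask(mask)
    rows = (("address", a), ("mask", m), ("AND", a & m))
    return "\n".join(f"{label:<8}{to_bits(v)}  {ipaddress.IPv4Address(v)}"
                     for label, v in rows)

if __name__ == "__main__":
    MASK, GATEWAY = "255.255.248.0", "192.168.56.1"   # gateway is a constructed value
    for host in ("192.168.62.14", "192.168.65.1"):
        print(lineup(host, MASK), end="\n\n")
    # Remote destination from the text, then a constructed local one.
    for dst in ("192.168.65.1", "192.168.57.200"):
        print(dst, "-> send to", next_hop("192.168.62.14", MASK, dst, GATEWAY))
```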

The primary reason for looking at any network model is to better understand how systems communicate. In
real life, network communication requires that data be encapsulated by the sender, transmitted over the
network, and then de-encapsulated by the receiver. This is best illustrated by looking at what happens when
one system running TCP/IP sends data to another. The list below outlines 5 simplified steps in a typical TCP/IP
data transfer over an Ethernet network. Note that each layer considers whatever has been passed down to it
from an upper layer as data. It doesn't concern itself with what was added by the upper layers.
1. Data is created by an application such as an FTP client program. Let's assume that a file transfer is being
initiated with a local FTP server.

2. The data is passed to the Host-to-host (Transport) layer, where it is encapsulated to include source
and destination port numbers. These uniquely identify the applications that the data should be passed
between. For example, if this data were being sent to an FTP server, the destination port would be
TCP 21. The data is now considered to be a segment.

3. The data is passed to the Internet (Network) layer, where it is again encapsulated to include
information such as the source and destination IP addresses. The data is now considered to be a
packet.

4. The data is passed down to the Network Interface (Data Link) layer, where it is encapsulated for
Ethernet to include source and destination MAC addresses, as well as an error-checking
mechanism known as a cyclic redundancy check (CRC). The data is now considered to be a frame.

5. The data is converted to a series of bits, and transmitted across the network.

Tip: A CRC is also often referred to as a Frame Check Sequence (FCS).


Figure: TCP/IP Data Encapsulation Process
Note that upon reaching the destination host, the entire process happens in reverse, with each layer
de-encapsulating the data by stripping away the information that was added at each layer. Eventually, the required
data is passed to the FTP server as intended by the FTP client application. Consider the frame captured below
using Ethereal, a network protocol analyzer. Notice that each heading area directly corresponds to the
encapsulation process just defined (with the exception that the program shows the layers in reverse order).

Ethernet II
Internet Protocol, Src Addr: 192.168.0.1 (192.168.0.1), Dst Addr: 192.168.0.135 (192.168.0.135)
Transmission Control Protocol, Src Port: 4653 (4653), Dst Port: ftp (21), Seq: 2739356837, Ack: 204742999
File Transfer Protocol (FTP)
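
The encapsulation steps and their reversal at the receiver, as an added example that is not part of the original text: it builds a frame byte by byte and then strips the layers again, checking the FCS and IP header checksum on the way. The addresses, ports, Seq and Ack come from the capture above; the MAC addresses, the "LIST" payload, the TCP flags and window, and all function names are assumptions.

```python
import socket
import struct
import zlib

def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071) used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data, sport, dport, seq, ack, src_ip, dst_ip, src_mac, dst_mac):
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Step 2: ports are added -> segment (flags and window are constructed values)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(data))
    tcp = tcp[:16] + struct.pack("!H", checksum16(pseudo + tcp + data)) + tcp[18:]
    # Step 3: IP addresses are added -> packet
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum16(ip)) + ip[12:]
    # Step 4: MACs, EtherType 0x0800 (IPv4) and the FCS are added -> frame
    macs = bytes.fromhex((dst_mac + src_mac).replace(":", ""))
    frame = macs + b"\x08\x00" + (ip + tcp + data).ljust(46, b"\x00")  # pad to minimum
    return frame + struct.pack("<I", zlib.crc32(frame))

def decapsulate(frame: bytes) -> dict:
    """Strip the layers in reverse order, checking the FCS and IP checksum first."""
    body = frame[:-4]
    if struct.pack("<I", zlib.crc32(body)) != frame[-4:]:
        raise ValueError("FCS mismatch: frame was altered in transit")
    ip = body[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if checksum16(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    tcp = ip[ihl:total]                  # total length drops any Ethernet padding
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data": tcp[(tcp[12] >> 4) * 4:]}

# Addresses, ports, Seq and Ack are from the capture; MACs and payload are constructed.
FRAME = encapsulate(b"LIST\r\n", 4653, 21, 2739356837, 204742999, "192.168.0.1",
                    "192.168.0.135", "02:00:00:00:00:01", "02:00:00:00:00:02")

if __name__ == "__main__":
    print(len(FRAME), decapsulate(FRAME))
```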
