What is the exact use of a MAC address?

126

64

I understand that IP addresses are hierarchical, so that routers throughout the internet know which direction to forward a packet. With MAC addresses, there is no hierarchy, and thus packet forwarding would not be possible. So, MAC addresses are not used for packet transfer.

I don't think it sits there for no reason. So my question is, where exactly does a MAC address come into play during a packet transfer?

Vishnu Vivek

Posted 2013-07-24T08:56:58.600

Reputation: 493

Answers

59

TL;DR> MAC addresses are a low level component of an Ethernet network (and some other similar standards, such as WiFi). They allow a device to communicate with a machine on the local physical network (LAN), and cannot be routed across the Internet - because physical hardware might in theory be plugged in anywhere in the world.

By contrast, IP addresses cover the whole internet, and routers use them to figure out where to send data even if it needs multiple hops to reach its destination – but they aren't helpful in interfacing with the physical hardware on your local network.

If we ever found a better standard than Ethernet, it might not use MAC addresses but IP traffic from the internet could still flow across it, even if other people on the internet had never heard of it.

If we ever found a better standard than IP (for example IPv6 if all the IPv4 addresses ran out), most Ethernet hardware could carry the new kind of traffic without modification – and a simple software/firmware update would fix most of the rest.

MAC addresses are required to make a local Ethernet (or wifi) network function. They allow a network device to attract the attention of a single directly connected device, even though the physical connection is shared. This can be important when thousands of devices are connected together within a single organisation. They serve no function on the wider internet.

To really understand the answer to this question, you need to understand the OSI (sometimes known as the 7-layer) model.

For communication to take place between 2 applications running on separate machines which don't have a direct physical connection, a lot of work needs to take place.

In the olden days, each application would know exactly which machine code instructions needed to be run in order to produce an appropriate signal that would reach, and could be decoded by, the application at the far end. All communication was effectively point-to-point, and software had to be written to suit the exact situation in which it was to be deployed. Obviously, that was unsustainable.

Instead of this, the problem of networking was split into layers, and each layer knew how to speak to the matching layer on a remote machine, and how to communicate with the layer beneath (and sometimes above) it on its local machine. It knew nothing at all about any other layers in place – so your web browser doesn't need to care whether it is running on a machine that uses a token ring, ethernet or wifi network – and definitely doesn't need to know what hardware the remote machine uses.

To make this work, the 7 layer model uses a system rather like nested envelopes; the application creates its data and wraps it in an envelope for the Operating System to deliver. The OS wraps this in another envelope and passes it to the Network driver. The Network driver wraps this in yet another envelope and puts it onto the physical cable. And so on.

The bottom layer, layer 1, is the physical layer. This is the layer of wires and transistors and radio waves, and at this layer, communication is mostly just a stream of ones and noughts. The data goes everywhere that is physically connected. You plug your computer's network port into your switch using a CAT-5 cable.

Layer 2 is the Data link layer. This provides some structure to the ones and noughts, some error detection and correction capabilities, and some indication about which physically connected device (physical connections here can actually be over wifi) should pay attention to the message. This is the layer that MAC addresses come into play, and we'll come back to it later. But MAC addresses aren't the only possibility at this layer. Token ring networks, for example, need a different data link implementation.

Layer 3 is the Network layer. This is the layer that IP works at (though it isn't the only network layer protocol either), and it is this that allows computers to send a message that can get to any machine anywhere on the "network". There does not need to be a direct connection between the machines in question.

Layers 4-7 are higher level protocols. They get ever further away from the hardware and closer to the application. TCP, for example, sits on top of IP, and provides mechanisms that automatically resend messages when they go missing.

So MAC addresses work at Layer 2, and permit 2 machines that are physically connected to one another to send messages that will be ignored by other machines which share the same physical connection.

Suppose I have an application that wants to send some data to the machine with IP address 8.8.8.8

Layer 3 wraps up the data in an envelope that contains, amongst other things, the IP address 8.8.8.8 and then hands this to layer 2.

Layer 2 looks at this IP address and decides which machine that it is directly connected to is able to deal with this message. It will have a lookup table of a selection of the directly connected IP addresses together with the corresponding MAC address of the network card in that machine. This lookup table is constructed using a protocol called ARP, which lets a network card asks questions of the other directly connected devices. Ethernet reserves a special MAC address, FF:FF:FF:FF:FF:FF, which lets a device talk to all physically connected devices.

If the IP address is in the table (or can be resolved through ARP), it will wrap the Layer 3 envelope in a Layer 2 envelope with the MAC address in the new header, and then pass the whole bundle to the hardware at Layer 1. The network card with the matching MAC address will receive the message and the network driver will open the Layer 2 envelope and pass the contents up to whichever part of the operating system is expecting to receive messages at the specific IP address.

Alternatively, if the IP address isn't on the local network, the new envelope will have the MAC address of the default gateway (i.e. Router) configured for this network interface, and the hardware will transport the packet to the router.

The router notices its own MAC address in the layer 2 envelope, and opens the level 2 packet. It looks at the IP address on the level 3 envelope, and works out where the message needs to go next, which is probably going to be the router at your ISP. If the router uses NAT (or similar), it may even modify the level 3 envelope at this point, to keep your internal IP addresses private. It will then wrap the level 3 envelope in a new level 2 envelope that is addressed to the ISP's router's MAC address, and send the message there.

This process of removing the outer envelope and wrapping the contents in a new envelope addressed to the next step in the chain will continue until the message reaches the destination machine.

The envelopes will then continue being ripped off as the message walks back up the layers until it finally reaches its intended recipient, which will be an application somewhere which, hopefully, will know what to do with the message – but will have no idea how the message got there nor indeed all the steps required to get the response back to the original machine.

But it all works, almost like magic!

Note that network switches can use MAC addresses to optimise the flow of network traffic. While an ethernet hub simply forwards all incoming traffic to all of its ports, by contrast a switch can forward traffic only to the single port that the packet's destination MAC address is connected to. This increases the effective bandwidth of the network; by targeting specific ports, the switch avoids forwarding traffic on unnecessary segments of the network. The switch will use either ARP or packet sniffing to identify which devices are connected to which port. Switches completely ignore the contents of the Layer 2 packets.

Bill Michell

Posted 2013-07-24T08:56:58.600

Reputation: 131

@BillMichell, Wow this is amazing! Just some quick questions: 1) What do you mean by "it might not use MAC addresses but IP traffic from the internet could still flow across it"? Do you mean that we build another "IP-like" layer below MAC layer? and 2) Seriously this is where it gets interesting, "most Ethernet hardware could carry the new kind of traffic without modification", please elaborate exactly what kind of traffic are you describing? – Pacerier – 2015-04-06T15:37:53.570

@Pacerier Those questions would seem to be worthy of a follow-up question. Basically, I'm saying the system is built to be flexible, and parts of it can be swapped out freely. In particular, I don't care what hardware you have, as long as you can cope with TCP traffic, and my Switch doesn't care if someone comes up with a new application format – it can still route the Ethernet traffic. – Bill Michell – 2015-04-07T08:59:29.097

Hi! thanks for the answer. As far as I've read, your answer is the best. It would be awesome if you could include some more concepts like ARP and NAT within your scenario. – Vishnu Vivek – 2013-07-26T01:09:41.300

1Added reference to ARP and network Switches. I don't think NAT has anything to do with MAC addresses, being a layer 3 function... – Bill Michell – 2013-07-26T08:39:27.830

@BillMichell: In IPv6 the MAC or other local ('hardware') ID can be used to compose the IP. – Luciano – 2013-07-26T15:37:42.723

The answer is community Wiki. You can probably edit it to include this additional information if you think it will help answer the OP's question. – Bill Michell – 2013-07-26T15:48:50.133

This needs a TL;DR. – AJMansfield – 2013-07-26T16:33:23.920

114

What are MAC addresses used for?

MAC addresses are the low level basics that make your local ethernet based network work. Local means that the network devices are either directly connected through a cable or by WiFi or over a network hub or network switch.

Network cards each have a unique MAC address. Packets that are sent on the ethernet are always coming from a MAC address and sent to a MAC address. If a network adapter is receiving a packet, it is comparing the packet's destination MAC address to the adapter's own MAC address. If the addresses match, the packet is processed, otherwise it is discarded.

There are special MAC addresses, one for example is ff:ff:ff:ff:ff:ff, which is the broadcast address and addresses every network adapter in the network.

How do IP addresses and MAC addresses work together?

IP is a protocol that is used on a layer above ethernet. Another protocol for example would be IPX. IP allows connecting of different local networks and thus forming a corporate network or the global internet.

When your computer wants to send a packet to some IP address x.x.x.x, then the first check is if the destination address is in the same IP network as the computer itself. If x.x.x.x is in the same network, then the destination IP can be reached directly, otherwise the packet needs to be sent to the configured router.

Up to now things seem to have gotten worse, because now we have two IP addresses: one is the original IP packet's target address, the other is the IP of the device to which we should send the packet (the next hop, either the final destination or the router).

Since ethernet uses MAC addresses, the sender needs to get the MAC address of the next hop. There is a special protocol ARP (address resolution protocol) that is used for that. Once the sender has retrieved the MAC address of the next hop, he writes that target MAC address into the packet and sends the packet.

How does ARP work?

ARP itself is a protocol above ethernet, like IP or IPX. When a device wants to know the MAC address for a given IP address, it sends a packet to the broadcast MAC address asking "Who has IP address y.y.y.y?" All devices receive that packet, but only the one with the IP address y.y.y.y will respond with a packet "It's me." The asking device receives the answer and now knows that the source MAC address of the ARP packet is the right MAC address to use. Of course the result will be cached, so the device does not need to resolve the MAC address every time.

Routing

I almost forgot to mention: there is no routing based on MAC addresses. Low level ethernet and MAC addresses can only reach every device on the same network (cabled or wireless). If you have two networks with a router in between you cannot have a device in network A send a packet to the MAC address of a device in network B. No device in network A has the MAC address of the device in network B, so a packet to this MAC address will be discarded by all devices in the network A (also by the router).

Routing is done on IP level. Simply seen the router is just doing what I described above in the section "How do IP addresses and MAC addresses work together?". The router will receive packets for its own MAC address but for a different IP address. He will then check if he can directly reach the target IP address. If so, he sends the packet to the target. Otherwise the router itself also has an upstream router configured and will send the packet to that router.

Of course you can have multiple routers configured. Your home router will only have one upstream router configured, but in the internet backbone the big routers have big routing tables so they know the best ways for all packets.

Other use cases for MAC addresses

  1. Network switches store a list of MAC addresses seen at every port and only forward packets to the ports that need to see the packet.

  2. Wireless access points often use MAC addresses for access control. They only allow access for known devices (MAC address is unique and identifies devices) with the correct passphrase.

  3. DHCP servers use the MAC address to identify devices and give some devices fixed IP addresses.

Werner Henze

Posted 2013-07-24T08:56:58.600

Reputation: 4 214

best explanation! – minigeek – 2017-08-17T10:26:20.123

Your answer is pretty good, but I've got 2 points that are still unclear:

  1. If x.x.x.x is in the same network, then the destination IP can be reached directly - that sounds to me that host A has a direct link (like a direct physical cable) to any other host on the same network. I don't understand the word "directly" in your phrase. Won't the package be sent from A to B through the router, even if they are in the same network?

2 - I still don't get why a host needs to use the MAC address to know that a package is addressed to itself. Couldn't IP be used for that as well? – Rafael Eyng – 2018-06-20T02:47:28.900

@RafaelEyng 1. Your guess is correct, the packet is sent directly to the (MAC of the) destination, the packet is not sent to the (MAC of the) router. There must be a direct physical cable to the destination (or WiFi link). That connection can be done over a network hub or network switch. I have updated my answer posting so that your question 1 should be answered. – Werner Henze – 2018-07-03T08:23:01.453

@RafaelEyng 2. Yes, that might work. But... you might have a PC where the network card knows the MAC and can filter to this MAC -> reduces system load, but the network card does not know your IP (or your IPs). So the network card would need to know the IPs (extra work) or need to forward all packets to the OS (more system load). And... what about other protocols like IPX? The network card would need to know all of them and all the addresses. So creating different independent layers makes each layer much easier. – Werner Henze – 2018-07-03T08:28:49.743

I don't like this answer. Wikipedia seems to be more accurate than this. For example, "..., the other is the IP of the device to which we should send the packet (the next hop, either the final destination or the router)." AFAIK, the destination IP nevers changes during the transmission (except when NAT involved). And "The asking device receives the answer and now knows that the source MAC address is the right MAC address to use. " Isn't "source" should be "destination" or "target" MAC address here? – Rick – 2019-07-15T04:48:41.827

1@Rick You are right, the destination IP for a connection does not change. But in the cited paragraph I was talking about the direct destination of the packet - which might be the router, and the router might change during the connection. Regarding your second comment I changed the text to "source MAC address of the ARP packet". I hope that is more clear. – Werner Henze – 2019-07-15T09:01:33.397

16+1 for actually answering the question in a way that people who don't already know the answer can understand. – fluffy – 2013-07-24T17:51:18.960

I can't help but feel the urge to create an awesome infographic/diagram somehow, the way MAC/IP interact is quite interesting! – NRGdallas – 2013-07-24T21:56:36.027

1nice answer just a detail: MAC addresses are also used for non Ethernet devices and was you describe basically holds for any data-link layer used with an IP stack – kriss – 2013-07-25T04:23:08.227

Worth noting about Wi-Fi MACs: While they are generally unique and can be used to identify devices, they're easy to spoof and sent in the clear over the air. If there is no other encryption/authentication used on the connection, or if the other encryption/authentication mechanism(s) are weak (e.g.: WEP), it is very trivial for an attacker to impersonate an authorized device and join the network. – Iszi – 2013-09-04T20:50:20.660

47

The MAC-Address (Media Access Control address) in general is the identifier of devices in a network. So every NIC (network interface controller found in a router, PC, network-printer, server etc.) have MAC addresses. Some servers have more than one network card built in and therefore have multiple MAC addresses. The MAC address is 6 Bytes long (6 octets). Left is the most significant Byte and right the least significant Byte. As you can see in the picture below, the first 3 Bytes are the Organizationally Unique Identifier. This indicates the manufacturer who made this device.

Here's a list of Organizationally Unique Identifier: Standards.ieee.org

Here's an alternative to the above: MAC-Vendor-Lookup

A few examples of common known manufacturers:

  • 00-05-5D (D-Link Systems Inc.)
  • 00-09-5B (Netgear Inc.)
  • 00-E0-4C (Realtek Semiconductor Corp.)
  • 00-E0-4F (Cisco Systems Inc.)
  • 00-E0-64 (Samsung Electronics)

The last 3 Bytes (3 octets) are randomly assigned by the manufacturer.

As pjc50 stated correctly the MAC address in an Ethernet network helps the switches decide which packet to send where. There is also a Broadcast-MAC-Address. ff:ff:ff:ff:ff:ff is used for the Broadcast-MAC-Address. Note that the MAC-Address can be changed so be careful using it as a definite device identifier! The MAC-Address is also used with the ARP (Address Resolution Protocol) protocol. So how it works is, PC A sends a ARP-Request to PC B with its own IP-Address, MAC-Address, the IP-Address of the receiver and the broadcast address mentioned above (ff:ff:ff:ff:ff:ff). After that PC B checks if the Packet was send to him or not. If yes, then PC B sends its own MAC-Address, IP-Address, the MAC-Address of the receiver and the IP-Address of the receiver back. The other devices discard the packet.

Both PC A and B usually save the successful connection in the so called ARP-Cache. The way the PCs save the connection differs from device to device. If you don't know the IP-Address then you can get the IP-Address with the Reverse Address Resolution Protocol (RARP). With RARP the device contacts a central client and asks it for the IP-Address. But this method is hardly used nowadays.

The following technologies use the MAC-48 identifier format:

  • Ethernet
  • 802.11 wireless networks
  • Bluetooth
  • IEEE 802.5 token ring
  • most other IEEE 802 networks
  • FDDI
  • ATM (switched virtual connections only, as part of an NSAP address) Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)

Meintjes

Posted 2013-07-24T08:56:58.600

Reputation: 468

@ultrasawblade, To be pendantic, the terms are largely debated so "packets" and "frames" can mean any of either. You must always say which packet and which frame. – Pacerier – 2015-04-06T15:43:26.240

4More accurately than "every Device (...) have MAC-Addresses.", **every NIC has A MAC address**. (Not taking the ability to set a custom MAC address into account.) Not all printers have network cards built-in, and many servers have more than one network card and thus more than one MAC address. – a CVn – 2013-07-24T09:53:48.107

1When does the switch know the MAC address of every device it connects? And how? – WiSaGaN – 2013-07-24T10:01:57.320

2

Lets Say PC-1 sends a Packet to PC-2. Now the Switch only reads the MAC-Address of PC-1 and saves it into a table. If you want more Info on how it works, read this: How LAN Switches Work :)

– Meintjes – 2013-07-24T10:08:02.547

3Another point is that the MAC address is how the NIC decides what to discard and what to send to the processor for handling. An Ethernet frame encountered on the wire has its destination MAC address XOR'd with the NIC MAC address and if the result is all 0s then it's a frame intended for this NIC. – bbayles – 2013-07-24T12:20:05.893

7-1: The question asked how MAC addresses are used, not what a MAC address is. The only part of your answer that addresses the question is the bullet list at the end, and it doesn't go into much detail. – Kevin – 2013-07-24T15:23:17.697

1To be pedantic, "packets" are what the IP protocol calls its "Protocol Data Unit" (PDU). The PDU for Layer-2/Ethernet/switches/hubs are called frames. Frames contain IP packets. An IP packet can be fragmented and span more than one frame. The TCP/IP stack on the receiving end is responsible for reassembly, not the switch. – LawrenceC – 2013-07-24T16:50:54.707

4

The picture is taken from wikipedia: http://en.wikipedia.org/wiki/File:MAC-48_Address.svg, pictures licensed under creative commons must be attributed to their authors when used.

– Étienne – 2013-07-24T21:27:47.453

Thanks for all your comments, I Updated my Answer. Hope you guys can give more feedback's. – Meintjes – 2013-07-25T18:03:25.180

24

They are used for packet transfer: on an Ethernet network, there are a number of devices, and the MAC address specifies which device should receive the packet. Ethernet switches will use it to choose which port to send out a received packet on.

pjc50

Posted 2013-07-24T08:56:58.600

Reputation: 5 786

5May be interesting to note that Ethernet originally was a bus medium, where all machines physically shared the same media (this is still true for wireless networks). So logically it works like that. – LawrenceC – 2013-07-24T11:29:52.383

and still true for networks that still use hubs :) – Doon – 2013-07-24T18:00:48.800

henceforth switches are just a facility (really became wide spread with RJ-45 LANs) we can and do have IP networks without them (using hubs or 802.11) – kriss – 2013-07-25T04:30:05.867

7

Forget hierarchy in this case, it not a very important issue.

MAC address are addresses for layer 2 (link layer) in the ISO/OSI or TCP/IP models. IP addresses are from layer 3 (Network layer) in the same models.

In a layer 2 network, for instance a common Ethernet network, there exists a collision domain, where all the equipment connected can receive all the frames (layer 2 unit data) from any endpoint. But nobody outside the network can receive these frames. MAC addresses are addresses in these domains.

Packets are the layer 3 unit data, typically, IP packets. They travel through one or more collision domains. IP addresses are the addresses in this domain.

Switches are layer 2 devices and forward frames using MAC addresses tables. Routers are layer 3 devices and they forward packets using IP addresses tables.

logoff

Posted 2013-07-24T08:56:58.600

Reputation: 197

6

The MAC address is used on the physical transfer. An ethernet adapter does not know anything about IP. So the ethernet adapter uses the MAC address to address the receiver of the data packet.

If the ethernet adapter would know anything about IP then we have to upgrade all our firmware to switch to a new protocol (like IPv4 to IPV6).

Also the MAC address has some information in it about the manufacturer in it.

Uwe Plonus

Posted 2013-07-24T08:56:58.600

Reputation: 1 354

3Routers do not use the MAC address to route anything. They use IP addresses. Hubs copy traffic unmodified out of their ports, but this would be called bridging, since the traffic does not traverse over a different network, but over the same network. – LawrenceC – 2013-07-24T11:21:30.110

6

Ethernet assumes the other computer (the other MAC) it wants to talk to is directly reachable out of its network adapter. IP does not. IP assumes it can reach any other IP in the entire world and that if it can't reach it on the current subnet, a router will carry it there, NAT notwithstanding. The notion of gateways does not exist in Layer 2 or Ethernet.

If you have a number of machines connected to a switch, and will not ever need to trade traffic with other networks/the Internet via a router, then you really don't need to have IP up and running. Of course, an application would have to implement or provide their own protocol above layer 2, since pretty much all OSes and applications assume you always want to use TCP/IP.

Always remember the 'Internet' in IP means 'internetworking' meaning really it is concerned with getting traffic between networks more than in a network, though obviously it can be (and is) used for that too.

LawrenceC

Posted 2013-07-24T08:56:58.600

Reputation: 63 487

The first paragraph is the perfect answer! Illuminating! – Milind R – 2015-05-02T20:05:25.837

5

It is used when the ARP (Address resolution protocol) for IPv4 or the NDP (Neighbor Discovery Protocol) for IPv6, translates the IP Addresses into MAC addresses to determine which unique host the frames should be sent to.

Jesper Jensen

Posted 2013-07-24T08:56:58.600

Reputation: 654

This is pretty close, but it doesn't cover all the usage. That's how a MAC relates to TCP/IP, but a MAC is used for far more than just that. This is the first answer I'm not giving a -1 to though (working from the bottom of the page up). – Mark Henderson – 2013-07-25T00:38:41.367

@Mark Henderson Thanks for the criticism. Well I just tried to answer the question How MAC addresses were used in packet transfer and then I assumed it was on an Ethernet level. And yes it is a simple answer, but I'm answering on a level that suits my own level :) – Jesper Jensen – 2013-07-25T11:54:37.173

3

To complete other's answers, I would add that MAC address is even more critical for routers than for switches. What I mean by more critical is that switches are not really necessary for IP network to exists. Il you look 20 years backwards (before RJ-45) Local IP networks worked perfectly without switches non routed ethernet networks were simply connecting devices on the same wire, (have a look to X base-T ethernet technology for instance).

On the other hand IP networks were invented to support routing and relies on MAC and IP addressing schemes.

Routing packets in IP networks means that when the target machine can't be accessed directly it will first be sent to another machine (the gateway) that is nearer to the final IP target.

In terms of network packet headers it means that a packet sent to a gateway will have as target in the ethernet level header the MAC address of the gateway, the IP level header being left unchanged.

You should also notice that MAC addresses usually means nowaday either MAC-48 (physical device address) or EUI-48 (logical device address) or even the 8 bytes EUI-64 addresses used in larger networks. Historically MAC was invented by Xerox for Ethernet technology and later reused for other network transports technologies (802.11, Bluetooth, FibreChannel, BlueTooth) needing to identify a device.

As I said you can use another layer-2 instead of ethernet, but most uses a MAC address as network identifier and the underlying MAC/IP correspondance scheme holds and you can still use ARP. As far as I know all IP stacks relies on correspondances table between MAC addresses and IP Addresses.

Some other kinds of device nodes identifiers exists for non IP Stacks. For instance X.25 does not relies on MAC addresses, but on virtual channels established on a per connection basis, or ATM Devices are identified in ATM networks using SNPAs. But neither X.25 or ATM are IP stacks (and even ATM uses MAC addresses format as parts of it's SNA, rough equivalent of an IP address for ATM).

kriss

Posted 2013-07-24T08:56:58.600

Reputation: 221

Routers don't care about MAC addresses. They do care about the subnet assignment to each of their at least 2 NICs, but not really about the MAC addresses. They forward (i.e. copy) traffic from one IP to another, not from an IP to a MAC or anything like that. – LawrenceC – 2013-07-24T11:19:08.867

4@ultrasawblade, your statement is absurd. If a router is connected to an Ethernet network, then it must communicate using the Ethernet protocol. IP packets will be encapsulated in the Ethernet Frame. Which means knowing the mac addresses of all the **directly Ethernet hosts ** systems is an absolutely required. A layer 3 device doesn't magically just communicate on a layer 3 protocol, it must encapsulate the layer 3 protocol within a layer 2 protocol, which is then transmitted over the layer 1 medium. – Zoredache – 2013-07-24T23:34:27.077

3I disagree with your first sentence - they are not "more critical" for routers than switches - they are all of equal importance throughout the entire Ethernet network. – Mark Henderson – 2013-07-25T00:34:59.180

1You could replace the underlying layer 2 with something entirely different (though I don't know what) and IP will still work the same. The IP protocol (Layer 3) doesn't care if the individual hosts are addressed beneath by MAC or some other scheme. Of course there is need to maintain IP to MAC mapping - but it's difficult to know if ARP really "belongs" to Layer 3 or Layer 2. The point is the layer 2 protocol doesn't have to be Ethernet and IP doesn't care/need to know what the Layer 2 protocol is. – LawrenceC – 2013-07-25T02:43:08.190

2@Mark Henderson: as I'm old I remember a time when there wasn't any switches around. They are not really a critical piece of equipment IP networks can works without switches. Switches merely used a preexisting data network layout. If we currently have them ubiquitously around is a consequence of RJ point-to-point technology replacing old buses. In other words: MAC addresses were not invented for making the switches work. On the other hand IP networks were invented for routing purpose, hence MAC to IP relationship is critical. – kriss – 2013-07-25T04:41:34.337

2

Think back to the pre-switch days (hubs).

If people are computers, then the MAC address is their name.

Pretend lots of people (the computers) are on the same telephone call. Everyone is talking at the same time.

YOU (one computer) hear ALL of this chatter, but you don't know what you should listen to, UNTIL someone says your name (your MAC address) at the start of a sentence (a packet).

"FRED, THERE IS ICE CREAM!"

Of course, you also listen to sentences sent to the broadcast address. Just consider that to be someone yelling,

"EVERYONE, THERE IS ICE CREAM!"

As more people (computers) got on the conference call, the more you have to filter out. Technology advanced and switches allowed us to talk directly to one person (computer/MAC) so that they wouldn't have to work so hard to filter out all that noise (and to free more bandwidth).

IP is very similar in the basic analogy, but it has more features and layers on top of MAC addressing. Layers 2 and 3 in the OSI Model, respectively.

Randy James

Posted 2013-07-24T08:56:58.600

Reputation: 151

You don't need to think back to pre-switched days. MAC addresses are alive and well and used in every single packet that leaves your Ethernet adapter today, right now. – Mark Henderson – 2013-07-25T00:33:54.957

Very true. But it helps with the analogy. And the NICs still behave the same way. – Randy James – 2013-07-25T13:20:37.000

2

The MAC address is necessary because there are multiple addresses attached to the "bus" (the Ethernet network). A sender needs to be able to identify the receiver, as well as identify itself to the receiver.

All hardware buses need addressing, because multiple senders and receivers share the same wires, and messages have to go to specific receivers, and also identify the originating senders.

I2C, PCI, Ethernet, you name it.

We have multiple addresses in inter-networking (IP address and hardware address) because a hardware-level address is only local to a particular physical network. As a datagram travels from network to network, it tends to keep its network level address, but it changes hardware addresses numerous times along the way. When going over some networks, it might not have a hardware address at all, and in some other ones it might have a hardware address which is not an ethernet MAC. (Network addresses can be rewritten by a NAT gateway, of course, but hardware addresses are stripped and replaced with different ones each time a packet crosses a router.)

Kaz

Posted 2013-07-24T08:56:58.600

Reputation: 2 277

1

In the old days networks were shared buses. Each networked device connected to the same wire, or to a hub which meant that every packet you sent out was received by every device on the network.

The networking software was simpler then. Every device had a MAC address, which was guaranteed to be unique. It didn't need to be anything else - all it did was make sure that no two devices on the same network had the same address.

If your device wanted to talk to another device it would send out a packet with the recipient's MAC address, and the recipient would pick it off the network. All the other devices would ignore it - it wasn't addressed to their MAC address.

Over time people attached too many devices to the network, and they couldn't keep up with the traffic, so they started separating networks, and would attach two networks with switches. These switches had huge tables telling them which MAC addresses where on each networks. If they saw a packet on one network addressed to a MAC address on the other network, they would copy the message to the other network. They wouldn't copy all the messages, though, just the ones that needed to go to the other network.

This reduced congestion and allowed more devices to be networked, and more overall traffic to be handled. This is a packet switched network.

However it didn't solve all the problems, and suffered one huge disadvantage - as the switch tables got bigger, networks slowed down. If you connected 5,000 machines to 50 different networks all interconnected with switches, each switch had to learn all 5,000 MAC addresses and route packets based on that.

That wasn't a big deal until people from different institutions, like universities, wanted to connect their networks together, and the tables required would have been tremendous. Keeping track of a few hundred thousand MAC addresses today doesn't seem like a big deal, but in the 1970's when this was occurring the switches were computers themselves, with limited memory and speed, and keeping track of and quickly switching packets for a few hundred was a problem.

The solution was going to an IP network, and using routers. This is built on top of the MAC address based switched packet network. Rather than raw data, the packets now contain an IP packet - a packet within a packet.

Now larger networks are connected with routers. These wait until they see a packet with their MAC address, then they take the IP packet out and examine the IP address. They then re-wrap the IP packet into another packet with a new MAC address recipient on it and send it on a new network. That MAC address is probably to another router on the new network, but it could also be the machine with the IP address.

In today's networks you rarely see hubs and buses (except in wireless networks, where the medium is inherently shared) and instead my machine connects directly to a switch, which them connects to a router.

My machine has a variety of algorithms and protocols so it knows how the network is set up.

If I send an IP packet out to a machine on my local network, my machine will put it inside a packet with the correct MAC address. The switches will switch it to the correct network locally, and the machine it is destined for will receive it because it has the right MAC address. It will them take out the IP packet and double check that the IP address is also intended for it, and act accordingly.

If i send out an IP packet intended for a machine somewhere else on the internet, my machine knows to send it to the router, so it puts it inside a packet with the router's MAC address. It's again switched locally in my network until it hits the network the router is on, then the router takes it, pulls the IP packet out, examines the IP packet, and based on its knowledge of the internet, it sends it to another router on another network, wrapping it in a packet with the MAC address for the intended router or destination computer.

There are a lot of little details I've glossed over, and some truly interesting algorithms and protocols in play that make everything work, but that is the basic story of what the MAC address does for us, even today.

Adam Davis

Posted 2013-07-24T08:56:58.600

Reputation: 4 327

1You started off well, but you lost it in the middle where you start talking about interconnected networks. Switches were not common until the 90's but routing existed 20 years prior to that. – Mark Henderson – 2013-07-25T00:27:21.080

-1

The root difference is that MAC is assigned by the manufacturer at manufacturing time, while IP address are assigned at connection time.

MAC is necessary because it can be used to identify a device before connecting to the network; however because it is statically assigned, it is pretty much distributed randomly, so it is unsuitable for efficient routing over more than a single network (doing so would require every device on the planet to have a huge routing table to all other devices on the planet). Therefore IP address are necessary because it is assigned at connection time, and the way its assigned allows more efficient long-distance routing (with IP, most devices only need to know its adjacent networks).

If there is only IP address, then devices that haven't been assigned an IP address won't be able to tell which message are meant for them. How would you determine that this DHCP is meant for you and not someone else also requesting address assignment at around the same time?

Of course MAC are also used for other parts of packet sending, but most of those uses are pretty much incidental and can (at least in theory) be replaced by dynamically assigned number (e.g. IP address).

Lie Ryan

Posted 2013-07-24T08:56:58.600

Reputation: 4 101

@LieRyan, Actually we can change our PC's MAC address.......

– Pacerier – 2015-04-06T15:52:17.437

@Pacerier: and how is that relevant? My main point is that MAC is always statically assigned, whether you use the factory default or whether you assign it before connecting to the network is besides the point. – Lie Ryan – 2015-04-06T16:06:55.357

+1 for why we didn't just continue using MAC addresses. – deed02392 – 2013-07-24T16:17:11.030

3First paragraph is technically correct, but that's not the root difference. The root difference is that a MAC belongs to Ethernet, and an IP belongs to TCP/IP. You can run TCP/IP over multiple Layer 2 protocols (ATM, for example), and there is more than just TCP/IP that runs over Etherhet. There is no such thing as "before connecting to the network", but there is "Before getting an IP address from DHCP". But the MAC is still used after then - as it sits on a different layer in the OSI model. The last paragraph is downright wrong - there is no replacement for a MAC address in networking. – Mark Henderson – 2013-07-25T00:32:07.697

@MarkHenderson: My point is that MAC belonging to Ethernet and IP to TCP/IP is pretty much a historical accident; theoretically, if we redesigned the entire internet stack from scratch (and ignore OSI and compatibility with other networks), it would be possible to replace most uses of factory-assigned number (e.g. MAC) with dynamically-assigned number (e.g. IP), except that there are a number of packets that need to be sent/received before a dynamically-assigned number can be acquired, which is why a factory-assigned globally unique identifier is necessary. – Lie Ryan – 2013-07-25T00:54:55.713

@MarkHenderson: IMO, saying that we need MAC and IP because MAC is layer 2 and IP is layer 3 is just like saying "we need it because we had designed internet to be that way", it misses the point and gives no useful information whatsoever. What I'm answering here is why both factory-assigned and dynamically-assigned identifier are necessary due to the nature of the problem, and what entails from an internet stack without either (loss of routing efficiency for no dynamically-assigned ID and difficulty of uniquely addressing a device before dynamic ID assignment for no factory-assigned ID). – Lie Ryan – 2013-07-25T01:07:00.277