A Routers Intimacy With MAC Addresses
A router is a network device which routes Layer 3 IP packets.
Table of ContentWhat is a router
How Layer 3 and Layer 2 got together
The Layer 3 & Layer 2 lovetriangleWhy the hell does the Ethernet MAC address change but the IP address doesn’t
Last thought
What is a router
A router is a network device which routes Layer 3 IP packets. A Layer 3 IP packets have unique source IP address and destination IP address in its header. This is what makes a router unique in it’s ways.
IP addresses makes it possible for a user to reach other users over a network, this can either be a local network or a remote network.
How they fell in love
The router depends on physical or wireless cables which carry signals to another PC. Since the TCP/ IP data-link and physical layer define the protocols and hardware required to deliver data across some physical network, then the router thinks,
why not just fall in love with data-link layer protocol to help get the packet delivered.
The Layer 3 & Layer 2 love triangle
PC1: ping 2.0.0.1
When a user (PC1) in a local subnet/network tries to ping another user (PC 2) who reside in a international/remote network, they both rely on a love triangle existing between Layer 2 and Layer 3.
As PC 1 (1.0.0.1 /8) pings PC 2 (2.0.0.1 /8) via it’s IP address, when the message gets to the Router, it checks it’s routing table and points out that PC 2 is in a remote subnet.
So the router swaps its local interface (c802.0d30.0000) for a remote subnet interface (c802.0d30.0010) to deliver this ping to PC 2. This swap is first achieved by an Address Resolution Protocol (ARP) request by PC 1 to it’s default gateway (the Router).
ARP header
An Address Resolution Protocol(ARP) allows PC 1 to learn the MAC address of another device (in this lab, it’s the router, not the Switch) dynamically.
Switches only learn MAC address and the port associated with that MAC address.
PC 1 does this by using it’s source IP address & MAC address, it then goes into the network and asks,
Who is 1.0.0.254 (my default gateway)? Tell me (PC 1)
Then the router (1.0.0.254) replies telling PC 1 it’s MAC address,
It’s me baby, here’s my MAC address c8:02:0d:30:00:00
The router then has to make a few decisions as follows:
Is the destination IP address in this ARP request local or remote? Okay, let me check the subnet mask.
If the destination IP address is local, it ARPs for the destination IP address by sending a request back into the subnet.
If the destination IP address is a remote network, it checks its routing table to see if it has a route to the network. If it does it ARPs for the next hop or default gateway.
The router chooses decision 3, because it noticed this packet is destined for a remote network for which it has a route. So it ARPs the network 2.0.0.0 by sending a broadcast asking,
Who is 2.0.0.1 (PC2), tell me 2.0.0.254 (Router)
PC 2 replies, it’s me baby, here’s my MAC address, 00:50:79:66:68:01
Now, all the necessary information to form an ICMP packet has been recieved by all parties:
PC 1 has the MAC address of Routers interface in its subnet in its ARP cache.
For the Routers interface facing PC 2’s subnet, it has the MAC address of PC 2.
ICMP Echo Request from PC 1
In the above packet capture, PC 1 (1.0.0.1) now has the MAC address of Router 1, that was why an ICMP packet was formed. If it couldn’t get the MAC address of Router 1, the ARP would have failed, and so will the entire process. Now, you are seeing why a routers MAC address is becoming useful. Let us continue.
PC 1 now attempts to send a ping to PC 2 (2.0.0.1). So the Internet Control Message Protocol (ICMP) ping is encapsulated into an IP packet, which is then encapsulated into an Ethernet II frame.
In the above packet capture for PC1’s Echo request, we can see that the ICMP is encapsulated with an Ethernet frame containing the following:
The source address is: PC 1’s MAC Address
The destination address is: The Routers Fast Ethernet 0/0 MAC address.
Here is the actual topology above again, so you can compare & confirm that it's true.
Okay, now on to the next phase.
The Router has received the ICMP Echo Request from PC 1 due to a successful ARP between PC 1 & the Router. So, it smoothly sends the frame out its interface to PC 2, all because it has the PC 2’s MAC address in its ARP cache.
ICMP Echo Reply from PC 2
PC 2 has received the ICMP Echo request, so it gives a reply.
In the above packet capture for PC2’s Echo reply, we can see that the ICMP is encapsulated with an Ethernet frame containing the following:
The source address is: PC 2’s MAC address
Destination address is: Router 1’s Fast Ethernet 0/1 MAC address.
Here is the actual topology above again, so you can compare & confirm that it's true.
Why the hell does the Ethernet MAC address change but the IP address doesn’t
Referring to the Wireshark capture again, where PC 1 (1.0.0.1) sends an ICMP request to PC2. IPv4 encapsulates the ICMP, while Ethernet II encapsulates the IPv4. When the router interface receives the Ethernet frame, and tries to make it’s regular router decision, it strips the IPv4 from the Ethernet II frame, looks at the destination IP address, sends an ARP request (IP address to MAC address mapping) for the destination IP address via the interface connected to the subnet, encapsulating the IPv4 packet with a new Ethernet II frame.
Reading through this process you will notice that the IPv4 packet and ICMP message is left untouched through out the process. Only the Ethernet frame changes.
Last Thought
It’s obvious Ethernet clothes the packet and completes him.
