Understanding Data Link Layer Encapsulation

Understanding Data Link Layer Encapsulation will answer an important question: Why layer 2 uses different set of protocols for different type of cables to Encapsulate Frames? Well, nowadays, Ethernet cables (Copper or Fiber) and its Encapsulation protocol dominate both Network types – LAN and WAN. Having said this, each different WAN Technology such PPP, HDLC, Frame Relay, or E-MPLS uses it’s own way to encode bits electronically.

Since the Electronic Encoding of bits in each WAN technology is different, then cables, protocols, and encapsulation will be different. That’s explains why Layer 2 uses different set of protocols for different type of cables when it encapsulate frames. You will rarely see Frame Relay, HDLC, or PPP being used anymore. Always remember this part: from data link layer perspective, it would be impossible to Frame IP packets that come from different WAN technologies using a Universal Data-Link Protocol.

Data Link Layer Protocols

Based on Media used, Data link Layer encapsulates IP Packets into HDLC, PPP, Frame Relay, or Ethernet frames, and since Data-Link Layer deals straight with the physical layer that might be different technology on each Hop, Data-Link Layer must use different types of protocols (Or be able to speak each cable language) to reframe/repackage IP packets across different types of cables while the IP packets are being routed from device to device.

Encapsulation type is based on Technology being used:

• Ethernet Protocol will be called for framing if the Network device uses UTP copper RJ45 cables.
• PPP or HDLC Protocol will be called for framing when serial leased line cabling through Telco PSTN is used.
• Frame Relay Protocol will be called for framing when the connection uses Frame Relay switching for WAN or internet connection.

Note the Different between Layer 3 and Layer 2 Encapsulation

Network Layer encapsulates Segments into IP Packets using a Universal Logical Protocol called IP Protocol, and since its virtual, logical, and not Physically Burned-in Address system, it can be used across all the different type of Networks regardless what type of cabling being used.

Therefore, we have ONLY 2 Protocols to Encapsulation with at the Network Layer: IPv4 and IPv6, but at the Data Link Layer, there is no logical Addressing system, rather, it is Burned-in Address system such Ethernet MAC Addresses, PPP, HDLC, or Frame Relay Hardware Addressing, hence, each Technology uses different protocol to Frame IP Packets.

Ethernet Data Link Layer Encapsulation

It’s important to remember, that each language sort of say has it’s own way of encapsulation, and Ethernet is no exception. The following image shows how Ethernet uses EtherType filed to indicate that the receiver on the other side must be Ethernet capable device to unframe the payload.

As you can see from the upper payload image, this is just a part of how it looks like when Ethernet Encapsulation is being used for packaging. What you don’t see in the upper image is for example, if it was an HTTP or FTP Application layer request

Meaning, the Application service request filed is located all the way on the right side, but it’s not visible in this payload image since we are focusing on the Ethernet Type of Encapsulation right now, however, it’s there.

It’s important to remember, that HDLC and PPP as different type of encapsulation technology, use their own encapsulation filed for packaging IP packets indicating that the receiver on the other side must have either HDLC or PPP capability to unpack the encapsulation and handle the IP Packet to the Network layer.

However, notice that both protocols HDLC and PPP use the same media type, however, when Ethernet Type of Encapsulation is being used, the Media (Cable Type) is different and the hardware port is also different.

You can’t use Ethernet Protocols and Serial Protocols using the same Hardware port, each encapsulation technology must use different type of hardware port, hence, different type of cabling.

Serial Link Encapsulation Protocols

The most common Serial Data Link Layer protocols to encapsulate (Package) IP packets between two routers when Serial port is being used are:

• High-Level Data Link Control (HDLC)
• Point-to-Point Protocol (PPP)

HDLC

All data link protocols perform a similar role: to encapsulate and deliver data over a physical link of a particular type. E.g. the Ethernet data link protocol uses a destination address field to identify the correct device that should receive the data (a MAC address is used), and FCS field that allows the receiving device to determine whether the data arrived correctly. HDLC is no exception, it use similar functions.

HDLC frame with its Header and Trailer

HDLC has other fields and functions similar to Ethernet. The following table shows the similarities between HDLC and Ethernet fields.

Originally, HDLC was meant to OSI Networking Model; therefore, it had no Type Filed to carry the TCP/IP Model Type such IPv4 and IPv6 protocols.

Routers need to know the type of packet inside the frame (Is it IPv4 or IPv6?). So, Cisco routers use a cisco proprietary variation of HDLC that adds a Type filed. The Green color type filed below indicates if this encapsulation is IPv4 or IPv6 based on specific number.

Using Point-to-Point Protocol (PPP)

PPP defined in the 1990’s, was designed with Routers, TCP/IP, and other Network Layer Protocols requirements in mind, plus many more advanced features.

The following is a Concept of PPP several functions that are useful on a leased line to connect two Routers successfully.

PPP list of functions:

• Definition of a Header and Trailer:  that allows delivery of a Data frame over the Link. (Similar to other Data-Link Protocols such Ethernet Header and Trailer)
• Support for both Synchronous and Asynchronous link rates. (Symmetric or Asymmetric rates – good to for both: Home and Business users).
• A protocol Type field in the header: allowing multiple Layer 3 protocols to pass over the same link such IPv4 and IPv6.
• Built-in Authentication tools: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP)
• Control protocols for each higher-layer protocol that rides over PPP: allowing easier integration and support of those protocols.

PPP Frame

PPP defines a Protocol Type field. The protocol type field identifies the type of packet inside the frame, either IPv4 or IPv6. The following shows a PPP frame.

PPP Control Protocols

Link Control Protocol (LCP) – as Layer 2 Control Protocol: Has several different individual functions; each focus on the Data-Link Layer 2 itself.

LCP: The PPP LCP implements the control functions that work the same regardless of the Layer 3 protocols used. The following table, summarizes the functions of LCP (Layer 2 control protocol), LCP feature names, and describe the features briefly.

Note: PPP defines a set of layer 2 control protocols that perform various link control functions. The idea of these extra protocols works a little like how Ethernet includes additional protocols like STP.

Ethernet Has Headers and Trailers to deliver frames, plus it defines overhead protocols like STP to help make the frame forwarding process work better by preventing frame looping through STP.

Likewise, PPP defines the frame format as shown in upper PPP header figure, plus it defines other protocols (similar to Ethernet) to help manage and control the serial link.

Network Control Protocols (NCP) – as Layer 3 Control protocol: Has to deal with 2 IP Protocols: IPv4 and IPv6. So, because at Layer 3 there are 2 IP Network Protocols used to route packets (IPv4 and IPv6), therefore, there will be 2 different NCPs, one for each.

The PPP NCPs: associated only to deal with Layer 3. The Following Network Control Protocols used to Control Layer 3 Network Protocols when PPP is being used through the leased line connection:

• IPCP: controls IPv4
• IPv6CP: Controls IPv6
• CDPCP: Controls Cisco Discovery Protocol (CDP)

Point to Point Authentication Mechanism

WAN authentication is most often needed when dial-up is used. However, the configuration of the authentication features remains the same whether a leased line or dial-up line.

PPP defines two authentication protocols: PAP and CHAP. Both protocols require the exchange of messages between devices, but with different details.  PAP uses Clear Text password which is unacceptable. CHAP instead uses a one-way hash algorithm, called message digest 5 (MD5), with input to the algorithm being a password that never crosses the link plus a shared random number.

CHAP process also uses a hash value only one time so an attacker cannot just make a copy of the hashed value and use it at later time. To make that work, the CHAP at R1 creates a challenge and send the first CHAP message plus a random number added to challenge value.

R2 receives the challenged message plus the random number, adds it, runs the hash algorithm using the just-learned number from R1 against the locally stored password, and sends the hash results back to R1 that originally sent the challenge (Hash Value plus Random Number).

R1 runs the same hash algorithm again using the same random number against the password stored locally; if the R2’s result match, the passwords must match. And therefore, R1 and R2 allow access to each other. Later, the next time the authentication process occurs, the authenticating router generates and uses a different random number.

Note: the CHAP challenge must be set on both routers in order to work and the password never exchanged, rather, the hash value of the password plus a random number for initial connection.

Remember, each cable technology on the way of routing IP Packets speaks different language of how to handle the frames that carry logical IP packets, therefore, Data-Link Layer must determine which language or Data-Link Protocol must be used for reframing the Logical IP Packet based on media used to deliver the IP packet to its final destination.

Analyzing HDLC or PPP Communication

Routers use HDLC just like any other data link protocol used by routers: to forward HDLC or PPP Frames that carry IP Packets to the next router, or we can say to forward frames to the next-hop.

The following steps will show a general concept of routers de-encapsulating and re-encapsulating of IP packets that were replied back from the Corporate Servers Ethernet LAN, through the routers using Leased Line (T1), and back to the Branch Office PCs. So, what’s happening at the Data-Link Layer during this communication?

Step 1: Data Link Layer at the Servers’ TCP/IP Stack encapsulated the IP packet and the Data provided from the Network Layer in an Ethernet Header and Trailer with a destination MAC address of the Main-Office Router and transmitted the frame to next-hop using Layer 1 electrical encoding.

Step 2: Main-Office Router received the Ethernet Frame through its LAN interface; applied FCS, de-encapsulated the IP Packet from the Ethernet frame; discarded the Ethernet Header and Trailer (1). Compared the destination IP address to its routing table and decided to route the IP packet through its serial interface to Branch-Office router (2). Encapsulated the IP packet into a NEW HDLC frame using HDLC Header and Trailer, and transmitted the HDLC frame to Branch-Office Router using layer 1 electrical encoding (3).

Step 3: Branch-Office router received the HDLC Frame through its serial interface; applied FCS, de-encapsulated the IP packet from the HDLC frame; discarded the HDLC Header and Trailer (1). Compared the destination IP address to its routing table and decided to route the IP packet through its LAN interface (2). Layer 2 at this point, encapsulated the IP packet into NEW Ethernet Frame that has destination MAC address of the intended PC that originally requested information from the Branch-Office, and transmitted the frame heading to winXP TCP/IP stack for further processing (3).

Note: Routers use IP Routing when the network in question is not connected physically (directly) to its interface. Hence, with IPv4 and as long as the Ethernet Network in question is physically connected to the Router’s LAN Interface – it uses MAC addresses with the help of Address Resolution Protocol (ARP) to forward or transmit the Ethernet Frame through its LAN interface to any TCP/IP Network device inside the LAN.

Bottom line, leased line with HDLC or PPP protocol creates a WAN link between two routers so they can route IP Packets back and forth, servicing the devices on each one LAN. The leased line itself provides the physical means to convert frames to bits and transmit the bits through Layer 1 using electrical encoding in both directions. The HDLC or PPP frames provide the means to encapsulate the Network Layer’s IP Packet correctly that suits the medium used so that it crosses the link between routers.

The IP Packet is the delegate Crystal Vase, and Data-Link Protocols exist to move it from hop to hop without changing its properties. Therefore, Ethernet, HDLC, PPP, Frame Relay, ATM, and much more, are all Data-Link Protocols to forward and handle the most important part of the TCP/IP communication “IP Packets” from hop to hop.

Leased lines have many benefits that have led to their relatively long life in the WAN marketplace. These lines are convenience for the customer, widely available, with high quality, and give the customer private line between 2 routers. However, they do have some negatives as well compared to newer WAN technologies, including a higher cost and typically lead times to get the service installed.

WAN Leased line is old technology, but the concept still being used. Nowadays, similar rate quality can be achieved through an Ethernet Fiber WAN connection (EoMPLS). Privacy can be achieved either using IPSec VPN, L2TP, or SSL VPN between 2 locations, or use a Virtual private Line (Similar to the Old WAN Leased Line concept), which based on EoMPLS Technology. VPN over public EoMPLS still more affordable solution than leasing a dedicated virtual circuit using EoMPLS.

Subject Related

By Wikipedia Data Link Layer | HighTech Layer 2 | Router Ally OSI | TutorialPoints Layer 2 | How to Master CCNA | R&S ICND1 and ICND2 | Network Warrior | CCNA R&S Study Guide | R&S 200-120 Official Guide | Routing and Switching Guide