What is the exact use of a MAC address?
I understand that IP addresses are hierarchical, so that routers throughout the internet know which direction to forward a packet. With MAC addresses, there is no hierarchy, and thus packet forwarding would not be possible. So, MAC addresses are not used for packet transfer.
I don't think it sits there for no reason. So my question is, where exactly does a MAC address come into play during a packet transfer?
TL;DR> MAC addresses are a low level component of an Ethernet network (and some other similar standards, such as WiFi). They allow a device to communicate with a machine on the local physical network (LAN), and cannot be routed across the Internet - because physical hardware might in theory be plugged in anywhere in the world.
By contrast, IP addresses cover the whole internet, and routers use them to figure out where to send data even if it needs multiple hops to reach its destination – but they aren't helpful in interfacing with the physical hardware on your local network.
If we ever found a better standard than Ethernet, it might not use MAC addresses but IP traffic from the internet could still flow across it, even if other people on the internet had never heard of it.
If we ever found a better standard than IP (for example IPv6 if all the IPv4 addresses ran out), most Ethernet hardware could carry the new kind of traffic without modification – and a simple software/firmware update would fix most of the rest.
MAC addresses are required to make a local Ethernet (or wifi) network function. They allow a network device to attract the attention of a single directly connected device, even though the physical connection is shared. This can be important when thousands of devices are connected together within a single organisation. They serve no function on the wider internet.
To really understand the answer to this question, you need to understand the OSI (sometimes known as the 7-layer) model.
For communication to take place between 2 applications running on separate machines which don't have a direct physical connection, a lot of work needs to take place.
In the olden days, each application would know exactly which machine code instructions needed to be run in order to produce an appropriate signal that would reach, and could be decoded by, the application at the far end. All communication was effectively point-to-point, and software had to be written to suit the exact situation in which it was to be deployed. Obviously, that was unsustainable.
Instead of this, the problem of networking was split into layers, and each layer knew how to speak to the matching layer on a remote machine, and how to communicate with the layer beneath (and sometimes above) it on its local machine. It knew nothing at all about any other layers in place – so your web browser doesn't need to care whether it is running on a machine that uses a token ring, ethernet or wifi network – and definitely doesn't need to know what hardware the remote machine uses.
To make this work, the 7 layer model uses a system rather like nested envelopes; the application creates its data and wraps it in an envelope for the Operating System to deliver. The OS wraps this in another envelope and passes it to the Network driver. The Network driver wraps this in yet another envelope and puts it onto the physical cable. And so on.
The bottom layer, layer 1, is the physical layer. This is the layer of wires and transistors and radio waves, and at this layer, communication is mostly just a stream of ones and noughts. The data goes everywhere that is physically connected. You plug your computer's network port into your switch using a CAT-5 cable.
Layer 2 is the Data link layer. This provides some structure to the ones and noughts, some error detection and correction capabilities, and some indication about which physically connected device (physical connections here can actually be over wifi) should pay attention to the message. This is the layer that MAC addresses come into play, and we'll come back to it later. But MAC addresses aren't the only possibility at this layer. Token ring networks, for example, need a different data link implementation.
Layer 3 is the Network layer. This is the layer that IP works at (though it isn't the only network layer protocol either), and it is this that allows computers to send a message that can get to any machine anywhere on the "network". There does not need to be a direct connection between the machines in question.
Layers 4-7 are higher level protocols. They get ever further away from the hardware and closer to the application. TCP, for example, sits on top of IP, and provides mechanisms that automatically resend messages when they go missing.
So MAC addresses work at Layer 2, and permit 2 machines that are physically connected to one another to send messages that will be ignored by other machines which share the same physical connection.
Suppose I have an application that wants to send some data to the machine with IP address 8.8.8.8
Layer 3 wraps up the data in an envelope that contains, amongst other things, the IP address 8.8.8.8 and then hands this to layer 2.
Layer 2 looks at this IP address and decides which machine that it is directly connected to is able to deal with this message. It will have a lookup table of a selection of the directly connected IP addresses together with the corresponding MAC address of the network card in that machine. This lookup table is constructed using a protocol called ARP, which lets a network card asks questions of the other directly connected devices. Ethernet reserves a special MAC address, FF:FF:FF:FF:FF:FF, which lets a device talk to all physically connected devices.
If the IP address is in the table (or can be resolved through ARP), it will wrap the Layer 3 envelope in a Layer 2 envelope with the MAC address in the new header, and then pass the whole bundle to the hardware at Layer 1. The network card with the matching MAC address will receive the message and the network driver will open the Layer 2 envelope and pass the contents up to whichever part of the operating system is expecting to receive messages at the specific IP address.
Alternatively, if the IP address isn't on the local network, the new envelope will have the MAC address of the default gateway (i.e. Router) configured for this network interface, and the hardware will transport the packet to the router.
The router notices its own MAC address in the layer 2 envelope, and opens the level 2 packet. It looks at the IP address on the level 3 envelope, and works out where the message needs to go next, which is probably going to be the router at your ISP. If the router uses NAT (or similar), it may even modify the level 3 envelope at this point, to keep your internal IP addresses private. It will then wrap the level 3 envelope in a new level 2 envelope that is addressed to the ISP's router's MAC address, and send the message there.
This process of removing the outer envelope and wrapping the contents in a new envelope addressed to the next step in the chain will continue until the message reaches the destination machine.
The envelopes will then continue being ripped off as the message walks back up the layers until it finally reaches its intended recipient, which will be an application somewhere which, hopefully, will know what to do with the message – but will have no idea how the message got there nor indeed all the steps required to get the response back to the original machine.
But it all works, almost like magic!
Note that network switches can use MAC addresses to optimise the flow of network traffic. While an ethernet hub simply forwards all incoming traffic to all of its ports, by contrast a switch can forward traffic only to the single port that the packet's destination MAC address is connected to. This increases the effective bandwidth of the network; by targeting specific ports, the switch avoids forwarding traffic on unnecessary segments of the network. The switch will use either ARP or packet sniffing to identify which devices are connected to which port. Switches completely ignore the contents of the Layer 2 packets.
What are MAC addresses used for?
MAC addresses are the low level basics that make your local ethernet based network work. Local means that the network devices are either directly connected through a cable or by WiFi or over a network hub or network switch.
Network cards each have a unique MAC address. Packets that are sent on the ethernet are always coming from a MAC address and sent to a MAC address. If a network adapter is receiving a packet, it is comparing the packet's destination MAC address to the adapter's own MAC address. If the addresses match, the packet is processed, otherwise it is discarded (exception follows in next paragraph).
There are special MAC addresses, one for example is ff:ff:ff:ff:ff:ff, which is the broadcast address and addresses every network adapter in the network. If a network adapter is receiving a packet sent to the broadcast address, then it is processing it.
How do network switches influence the packet flow?
A hub has no intelligence and just connects the wires from all the attached network cables, so packets sent on the network are received by every other connected network adapter. Network switches have some logic inside and can forward or drop packets.
When a network switch receives a packet on one port it needs to know to which port(s) to forward the packet. Broadcast MAC address is simple, that means just forwarding to all other ports. Individual MAC addresses require more work. If the destination is an individual MAC address, then it forwards the packet only to the port where the adapter with this MAC address is connected. How does the switch know that port? Because it examines all received packets and per port builds a table with the source MAC addresses seen in the packets received on that port. These entries are valid for some time and then discarded if no more packets are received from that MAC address. And what if the MAC address is not known (yet)? Then the switch needs to send the packet to all other ports, like it does for the broadcast MAC address.
With MAC addresses you can only reach what is directly connected/wired. If you want to connect different networks you need more structure and then IP comes into play. The name already says it IP, internet protocol, a protocol to connect networks.
How do IP addresses and MAC addresses work together?
IP is a protocol that is used on a layer above ethernet. Another protocol for example would be IPX. IP allows connecting of different local networks and thus forming a corporate network or the global internet. If IP packets are sent, then we still have the MAC addresses of sender and receiver in the packet and additionally the IP addresses of the sender and the receiver.
Now when your computer wants to send a packet to some IP address x.x.x.x, then the first check is if the destination address is in the same IP network as the computer itself. If x.x.x.x is in the same network, then the destination IP must be in the local ethernet and can be reached directly. We just need to know the MAC address where to send the packet to. If the destination IP is not in our own network, then the packet needs to be sent to the configured router. Again we need to know the MAC address where to send the packet to.
As we see there must be some mechanism to retrieve the MAC address for an IP address in the local network. That mechanism is the address resolution protocol (ARP).
Once the sender has retrieved the MAC address of the next hop (either local destination or local configured router), he writes that target MAC address into the packet and sends the packet.
How does ARP work?
ARP itself is a protocol above ethernet, like IP or IPX. When a device wants to know the MAC address for a given IP address, it sends a packet to the broadcast MAC address asking "Who has IP address y.y.y.y?" All devices receive that packet, but only the one with the IP address y.y.y.y will respond with a packet "It's me." The asking device receives the answer and now knows that the source MAC address of the ARP packet is the right MAC address to use. Of course the result will be cached, so the device does not need to resolve the MAC address every time.
Routing
There is no routing based on MAC addresses. Low level ethernet and MAC addresses can only reach every device on the same network (cabled or wireless). If you have two networks with a router in between you cannot have a device in network A send a packet to the MAC address of a device in network B. No device in network A has the MAC address of the device in network B, so a packet to this MAC address will be discarded by all devices in the network A (also by the router).
Routing is done on IP level. It is done by routers which have multiple network adapters (at least two). Simply seen the router is just doing what I described above in the section "How do IP addresses and MAC addresses work together?". The router will receive packets for its own MAC address but for a different IP address. He will then check if he can directly reach the target IP address (on another network adapter). If so, he sends the packet to the target. Otherwise the router itself also has an upstream router configured and will send the packet to that router.
Of course you can have multiple routers configured. Your home router will only have one upstream router configured, but in the internet backbone the big routers have big routing tables so they know the best ways for all packets.
Other use cases for MAC addresses
-
Wireless access points often use MAC addresses for access control. They only allow access for known devices (MAC address is unique and identifies devices) with the correct passphrase.
-
DHCP servers use the MAC address to identify devices and give some devices fixed IP addresses.
The MAC-Address (Media Access Control address) in general is the identifier of devices in a network. So every NIC (network interface controller found in a router, PC, network-printer, server etc.) have MAC addresses. Some servers have more than one network card built in and therefore have multiple MAC addresses. The MAC address is 6 Bytes long (6 octets). Left is the most significant Byte and right the least significant Byte. As you can see in the picture below, the first 3 Bytes are the Organizationally Unique Identifier. This indicates the manufacturer who made this device.
Here's a list of Organizationally Unique Identifier: Standards.ieee.org
Here's an alternative to the above: MAC-Vendor-Lookup
A few examples of common known manufacturers:
- 00-05-5D (D-Link Systems Inc.)
- 00-09-5B (Netgear Inc.)
- 00-E0-4C (Realtek Semiconductor Corp.)
- 00-E0-4F (Cisco Systems Inc.)
- 00-E0-64 (Samsung Electronics)
The last 3 Bytes (3 octets) are randomly assigned by the manufacturer.
As pjc50 stated correctly the MAC address in an Ethernet network helps the switches decide which packet to send where. There is also a Broadcast-MAC-Address. ff:ff:ff:ff:ff:ff is used for the Broadcast-MAC-Address. Note that the MAC-Address can be changed so be careful using it as a definite device identifier! The MAC-Address is also used with the ARP (Address Resolution Protocol) protocol. So how it works is, PC A sends a ARP-Request to PC B with its own IP-Address, MAC-Address, the IP-Address of the receiver and the broadcast address mentioned above (ff:ff:ff:ff:ff:ff). After that PC B checks if the Packet was send to him or not. If yes, then PC B sends its own MAC-Address, IP-Address, the MAC-Address of the receiver and the IP-Address of the receiver back. The other devices discard the packet.
Both PC A and B usually save the successful connection in the so called ARP-Cache. The way the PCs save the connection differs from device to device. If you don't know the IP-Address then you can get the IP-Address with the Reverse Address Resolution Protocol (RARP). With RARP the device contacts a central client and asks it for the IP-Address. But this method is hardly used nowadays.
The following technologies use the MAC-48 identifier format:
- Ethernet
- 802.11 wireless networks
- Bluetooth
- IEEE 802.5 token ring
- most other IEEE 802 networks
- FDDI
- ATM (switched virtual connections only, as part of an NSAP address) Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
They are used for packet transfer: on an Ethernet network, there are a number of devices, and the MAC address specifies which device should receive the packet. Ethernet switches will use it to choose which port to send out a received packet on.
Forget hierarchy in this case, it not a very important issue.
MAC address are addresses for layer 2 (link layer) in the ISO/OSI or TCP/IP models. IP addresses are from layer 3 (Network layer) in the same models.
In a layer 2 network, for instance a common Ethernet network, there exists a collision domain, where all the equipment connected can receive all the frames (layer 2 unit data) from any endpoint. But nobody outside the network can receive these frames. MAC addresses are addresses in these domains.
Packets are the layer 3 unit data, typically, IP packets. They travel through one or more collision domains. IP addresses are the addresses in this domain.
Switches are layer 2 devices and forward frames using MAC addresses tables. Routers are layer 3 devices and they forward packets using IP addresses tables.