A couple posts ago, we talked about Layer 1 of the OSI Model -- the Physical Layer. Today, we'll start our climb up the Model with a visit to Layer 2, the Data Link Layer.
The Data Link Layer is one of my favorite layers of the OSI Model. Like a father who loves ALL of his children equally, but in different ways, I also love the other layers, but Layer 2 will always hold a special place in my heart. Layer 2 is where we get away from raw signaling, physical connectors, and cable specifications and start working with things that are, for the most part, software configurable.
If I had a nickel for every time I've asked, "is the problem at Layer 2 or Layer 3?" while troubleshooting a network problem, well, I wouldn't be rich, but I could probably buy a new iPad.
Some of the most common and troublesome issues that occur at layer 2 are broadcast storms. In virtual desktop environments they may manifest as boot storms. Effectively, what's happening is that the network is being overwhelmed by broadcast traffic. In many cases this condition will present as a slowdown in the network and only upon reviewing a packet trace or by looking at amount of broadcast traffic in your NMS can you diagnose the problem.
Layer 2 problems occur at the LAN level -- meaning local communication on the same subnet. They can also occur on the WAN, at the connections between adjacent nodes. Layer 2 functions occur before an IP-based connection is ever established, so all of your Layer 3 troubleshooting skills, tools, and protocols are useless here.
Some of the common protocols we use every day, like the Address Resolution Protocol (ARP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), and Spanning Tree (STP) all function at Layer 2 of the OSI Model. Understanding how these and other Layer 2 protocols work is an important part of your education as a network engineer.
When troubleshooting, once you've established that the Physical Layer is problem-free, the next step is to determine if the problem is at Layer 2 or Layer 3.
I was once working with a company that was having a hard time connecting some of their billing PCs to their SaaS-based accounting applications. Physically, everything looked good, but I couldn't seem to get the devices talking on the network. As I started investigating, I noticed that the ARP table on the adjacent router had an entry for the PC's IP address, but no MAC address.
So, a light bulb came on in my head and I realized that this was a Layer 2 issue. Turns out, that PC had a NIC installed that didn't have a vendor assigned MAC address -- you had to enter it manually. I've never worked with network interface cards like that again but this company had installed several of them. So, I made up some MAC addresses and away we went!
Layer 2 problems can be tricky and they're some of the most technical problems to deal with. For instance, dealing with spanning tree issues probably isn't anyone's favorite thing to do but you'll learn a ton from the experience.
That, my friends, is why Layer 2 is one of my favorites. It's not the easiest, but it IS the geekiest.
What's your favorite layer? Leave a note in the comments.
Flame on...
Josh
Josh Stephens is Head Geek and VP of Technology at SolarWinds, an IT management software company based in Austin, Texas. He shares network management best practices on SolarWinds GeekSpeak and thwack. Follow Josh on Twitter@sw_headgeek and SolarWinds @solarwinds_inc.