Layer 3 is much more logical in nature. Layer 2 the device address is assigned in hardware. Switches mostly operate their functions in hardware. A lot of the network layer functions relate to logic and more software operations. We have two types of address that we need to be familiar with. But first, let's say that these addresses are both logical. Underlying your logical address you have a hardware address. If you have a network card, it will have that MAC address at Layer 2. But as we move up to Layer 3, we have a separate header, a separate footer, and just as within Layer 2, which had the MAC address to and from address. At layer three, we have the same. It will have a to address and a from address. But here at Layer 3, we have IP addresses. The first of the two types of address then is IPV4, IP version 4. This is a 32-bit address, and it is separated out when we write it in decimal. As you can see there, 192.168.01, is separated into four groups of eight-bits. An eight-bit number can range from 0-255. We have public and private addresses. Private addresses are addresses that you cannot use on the Internet. They're known as non-routable addresses. That example below the 192.168 address is one of those non-routable address ranges. We also have 10.0. and 172.16. Anything starting 10.0, 172.16, 192.168 are typically not addresses that work on the Internet. That's quite a nice security feature. Instead, those devices need something else to help pass on the communications to public networks. The other addresses, the public addresses, the overwhelming majority of the addresses are routable and we've run out of them. We exhausted the number of public IP addresses some years ago, and there are no more left. Some of these are still unused, but they are all assigned to different organizations, companies, education establishments, and so on, so we needed an alternative. The alternative is IP version 6. Instead of a 32-bit address, this is a 128-bit address. Now the address range is four times as large. Instead of 32, we have 128, 32 times 4 is 128. However, the number of available addresses is exponentially larger. It's not four times as many addresses, it's exponentially larger. This also has a number of different benefits for us IPV6. What we see with IPV6 is security has been built in by default. It supports encryption. We'll talk about IPSec a little bit later in the chapter. But it's designed with that security in mind. It's also designed with traffic prioritization in mind. What we can do is mark more easily traffic as having different priorities. Things that need to be transmitted more quickly, which is quite a good link to availability as a concept. Making data available as and when we need it. Things like low latency traffic, voice-over IP, multimedia, online collaboration. This removes the need to have two separate types of address as well. Another really important advantage for us, we no longer need these public and private addresses. Whether an address is public or private, can be referenced within the IPV6 address itself. An example IPV6 address can be seen. These are much harder to remember. At least I would say they're harder to remember. This is the address we see at Layer 3. We can think of this almost like a telephone number. A telephone number is a logically assigned number. If you have a smartphone, a cell phone, you can change your number. You can get a new SIM card with a different number attached and it's similar to the concept of an IP address. It's not hard-coded to your device. You can change it as you need to. As we move from IPV4 to IPV6, life is a little bit complicated because we need to use both typically and we need to support both. Different parts of the network, different devices. At the moment we are in a period of migration. This migration has been going on for some time and is likely to continue for some time as well so we will see both IPV4 and IPV6 commonly on networks and on devices. The two devices we want to talk about. We've looked at the address. We've talked about the idea of sending traffic, well the devices that we talk about, are routers and firewalls. Routers, route packets. Now, our traffic type at Layer 3, then at Layer 2 our traffic type was a frame. At Layer 1, it was a bit, a zero or a one. At Layer 3, we have packets. This packet has the header information with our source, our to and from IP address, some of the data as well, maybe priority, for example. Inside a packet is our data, a payload of data. This has been chopped up into smaller pieces. If we have something like an image, it's been chopped up into smaller pieces and placed into packets. You can think about this almost in the same way that cargo is separated up into containers on a cargo ship. These are our IP packets. What's interesting about these IP packets is if you've sent cargo on a railway network, it has to go the same way. It doesn't have any choice. With routers, each individual packet, each individual payload of data could be transmitted via a different route. It's much more like our road networks. If one part of our road network becomes congested, usually we can reroute, we can take an alternate route, and this is what routers are doing. A router's job is to take a packet in on one of its network interfaces and then to make the best choice for that packet to help it get towards its destination. If that router has four interfaces, a packet has come in on one of those four interfaces, then it's going to be transmitted out on one of the other three. It will try to choose the best interface to get that packet to its destination. It will make a decision may be based on congestion, may be based on bandwidth. But it's trying its best to get that packet forward. It may make different decisions per packet. It sends one packet via Interface 2, the next packet going to the same destination, if there's congestion on Interface 2, might be better to send it via Interface 3. This is a much more resilient form of traffic. Instead of having a point-to-point connection. Now, we've got the ability to route divergently based on different criteria. Also at Layer 3, we see firewalls. Firewalls can filter based on those IP addresses, based on those Layer 3 addresses. Blocking or allowing. We talked about access control lists, or here we see a really good use of access control lists. In firewall access control lists, we've referenced the idea of an implicit deny. Everything is denied by default, so you turn your firewall on and nothing is allowed to pass. Then we create allow rules, allow one IP address to talk to another IP address or a group of IP addresses. Firewalls can do much more and we will revisit firewalls at our next layer at Layer 4. Because both routers and firewalls are the devices we see not just at Layer 3, but also at Layer 4.
