Layer 4, the layer below the Network Layer and above the Physical Layer
- Hardware
- Unit: Frame
- Responsibilities: Routes frames to adjacent machines (“direct” connection) on a local area network (LAN). Defines the format of data on the network
- Details
  - Breaks up chunks of data into frames, each of which carries some metadata
  - Hub model (share the same medium) means that we don’t need to run wires between every computer (implicit broadcasting). The downside is that we now have to specify who the message is for (usually using 48-bit media access control (MAC) addresses)
Parameters
- MTU (maximum transmission unit): the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction
  - Larger MTU is associated with reduced overhead.
  - Large packets are also problematic in the presence of communications errors. If no forward error correction is used, corruption of a single bit in a packet requires that the entire packet be retransmitted, which can be costly.
  - Smaller MTU values can reduce network delay.
  - Smaller packets are problematic because they have lower goodput (the ratio of headers and other metadata to actual user data is higher because the packets themselves are smaller).
- Common MTUs
  - IPv4: 68B to 64KiB
  - IPv6: 1280B to 64KiB
  - Ethernet: 1500B
  - IEEE 802.11 (Wi-Fi / WLAN): 2304B (encryption adds 8-20B of overhead)
VXLAN
LAN but across local networks… spooky
It encapsulates the MAC frame into a UDP datagram for transport across an IP network. This creates an overlay network.
Berkeley Packet Filter
The Berkeley Packet Filter (BPF; also BSD Packet Filter, classic BPF or cBPF) is a network tap and packet filter which permits computer network packets to be captured and filtered at the operating system level.
Specifically, it allows a userspace process to supply a filter program that specifies which packets it wants to receive.
This avoids copying unwanted packets from the operating system kernel to the process, greatly improving performance. The filter program is in the form of instructions for a virtual machine, which are interpreted, or compiled into machine code by a just-in-time (JIT) mechanism and executed, in the kernel.
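To make the "instructions for a virtual machine" concrete, here is an added example (not code from the original notes or from any BPF implementation): a userspace interpreter for a four-opcode subset of classic BPF, running a filter that accepts only IPv4/UDP frames addressed to port 4789, the IANA-assigned VXLAN port. The names `insn`, `vxlan_filter`, `bpf_run` and `make_frame` are hypothetical, the sample frame is constructed, and the filter assumes an IPv4 header without options.

```c
#include <stdint.h>
#include <string.h>
/* Same field layout as the kernel's struct sock_filter, defined locally. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* Classic BPF opcode values for the four instructions used here. */
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Accept IPv4/UDP frames to port 4789 (VXLAN). Assumes a 20-byte IPv4 header. */
const struct insn vxlan_filter[8] = {
    { LD_H_ABS, 0, 0, 12 },     /* A = EtherType                     */
    { JEQ_K,    0, 5, 0x0800 }, /* not IPv4: jump to drop            */
    { LD_B_ABS, 0, 0, 23 },     /* A = IP protocol                   */
    { JEQ_K,    0, 3, 17 },     /* not UDP: jump to drop             */
    { LD_H_ABS, 0, 0, 36 },     /* A = UDP destination port          */
    { JEQ_K,    0, 1, 4789 },   /* not 4789: jump to drop            */
    { RET_K,    0, 0, 0xFFFF }, /* accept, capture up to 65535 bytes */
    { RET_K,    0, 0, 0 },      /* drop                              */
};

/* Run a filter over one frame; returns bytes to capture, 0 = drop. */
unsigned bpf_run(const struct insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t A = 0;                       /* accumulator register */
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case LD_H_ABS:                    /* 16-bit big-endian load */
            if (len < 2 || i->k > len - 2) return 0;  /* out of bounds: drop */
            A = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1];
            break;
        case LD_B_ABS:                    /* 8-bit load */
            if (i->k >= len) return 0;
            A = pkt[i->k];
            break;
        case JEQ_K:  pc += (A == i->k) ? i->jt : i->jf; break;
        case RET_K:  return i->k;
        default:     return 0;            /* unsupported opcode: drop */
        }
    }
    return 0;                             /* no RET reached: drop */
}

/* Constructed sample input: 42 bytes of Ethernet + IPv4 + UDP headers. */
void make_frame(uint8_t f[42], uint16_t etype, uint8_t proto, uint16_t dport)
{
    memset(f, 0, 42);
    f[12] = (uint8_t)(etype >> 8); f[13] = (uint8_t)etype; f[14] = 0x45;
    f[23] = proto; f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
}
```

Jump offsets are relative to the next instruction, so every failed comparison lands on the final drop instruction, and a truncated frame is dropped rather than read out of bounds.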