
The Network layer is where your packet learns to leave home.

Layer 2 handles conversations between neighbors—devices that share a wire or a wireless channel. But what if you want to reach a server in Tokyo, or a friend's computer across town? That requires crossing networks. Multiple networks. Networks owned by different companies, running different technologies, connected through chains of routers that have never heard of you.

This is what Layer 3 makes possible. It's the layer that transforms isolated networks into the Internet.

The Problem Layer 3 Solves

Imagine the early days of networking. Your office has an Ethernet network. Another office has a different Ethernet network. A university has a token ring network. A government lab has something else entirely.

Each network works fine internally. But they can't talk to each other. They use different addressing schemes, different frame formats, different assumptions. They're islands.

The Network layer creates a universal language that abstracts away these differences. It provides:

  • Global addresses that identify every device uniquely across all networks
  • Routing that finds paths through the maze of interconnected networks
  • A common packet format that any network can carry

This abstraction is what makes the Internet possible. Your packet doesn't need to know whether it's traveling over fiber optic cable, a satellite link, or someone's home Wi-Fi. It just needs an IP address and a destination.

IP Addresses: Your Global Identity

MAC addresses identify you on your local network. IP addresses identify you on the Internet.

IPv4 uses 32-bit addresses, written as four numbers separated by dots:

192.168.1.100

Each number represents 8 bits (0-255), giving about 4.3 billion possible addresses. That seemed like plenty in the 1980s. It wasn't.

IPv6 uses 128-bit addresses, written in hexadecimal:

2001:db8:85a3::8a2e:370:7334

This provides 340 undecillion addresses—roughly 50 octillion addresses for every human who has ever lived. We won't run out.

The Public/Private Split

Not every device needs a globally unique address. Your laptop, your phone, your smart thermostat—they all hide behind your home router's single public IP address.

Private address ranges (like 192.168.x.x and 10.x.x.x) can be reused in every home and office on Earth. NAT (Network Address Translation) at your router translates between these private addresses and your one public address. This is why billions of devices can share the Internet despite IPv4's address shortage.

How Routing Actually Works

When you send a packet to google.com, it doesn't teleport. It hops from router to router, each one making a decision about where to send it next.

Here's what happens at each router:

  1. Packet arrives
  2. Router examines the destination IP address
  3. Router consults its routing table: "Where do I send packets for this destination?"
  4. Router forwards the packet toward the next hop
  5. Repeat until destination is reached

No single router knows the complete path. Each router only knows the next step. It's like asking for directions in a foreign city and being told "take that street, then ask again." Somehow, you arrive.

The Routing Table

A routing table is a list of destinations and next hops. A simplified example:

Destination      Next Hop
10.0.0.0/8       Router A
172.16.0.0/16    Router B
0.0.0.0/0        Router C

The last entry is the default route—where to send packets when nothing more specific matches. For most home devices, this points to your router. For your router, it points to your ISP.

Longest Prefix Match

When multiple routes match, the most specific one wins. If the routing table has entries for 10.0.0.0/8 and 10.1.2.0/24, a packet to 10.1.2.50 uses the /24 route because it's more specific.

This enables hierarchical routing. The Internet's core routers don't need to know about your home network specifically—they just need to know which direction to send packets for your ISP's address block.

TTL: The Mortality of Packets

Here's something strange: every packet is born dying.

The TTL (Time To Live) field starts at some value—typically 64 or 128. Every router that handles the packet decrements it by one. When TTL reaches zero, the packet is killed and discarded.

This seems harsh, but it solves a critical problem. Routing tables can have bugs. Networks can be misconfigured. Without TTL, a packet caught in a routing loop would circulate forever, joined by more packets, until the network collapsed under the weight of immortal zombie traffic.

TTL is also what makes traceroute work. It sends packets with TTL=1, then TTL=2, then TTL=3. Each packet dies at a different router, and that router reports back with an error message. By collecting these death notices, you can map the path your packets take.
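
The per-router steps, longest prefix match, and TTL behavior described above can be simulated together. This is an added example, not part of the original page; the four-router topology, the router names R1 to R4, and the "deliver" marker are constructed assumptions. R2 and R4 are deliberately misconfigured to default to each other, so the loop is visible in the traceroute output.

```python
import ipaddress

# Constructed topology (not from the page): per-router tables of (prefix, next hop).
# "deliver" means the destination network is directly attached to that router.
TABLES = {
    "R1": [("10.0.0.0/8", "R2"), ("10.1.2.0/24", "R3"), ("0.0.0.0/0", "R2")],
    "R2": [("10.0.0.0/8", "deliver"), ("0.0.0.0/0", "R4")],
    "R3": [("10.1.2.0/24", "deliver")],
    "R4": [("0.0.0.0/0", "R2")],  # misconfigured: R2 and R4 default to each other
}

def lookup(router, dst):
    """Longest prefix match: among routes containing dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(prefix), hop) for prefix, hop in TABLES[router]]
    matches = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(matches)[1] if matches else None  # None = no route to host

def forward(first_router, dst, ttl):
    """Forward hop by hop; return (outcome, node that reported it)."""
    router = first_router
    while True:
        ttl -= 1  # every router that handles the packet decrements TTL
        if ttl <= 0:
            return ("time-exceeded", router)  # router discards and reports back
        hop = lookup(router, dst)
        if hop is None:
            return ("unreachable", router)
        if hop == "deliver":
            return ("delivered", dst)
        router = hop

def traceroute(first_router, dst, max_ttl=8):
    """Send TTL=1, 2, 3, ... and collect which node answers each probe."""
    path = []
    for ttl in range(1, max_ttl + 1):
        outcome, reporter = forward(first_router, dst, ttl)
        path.append(reporter)
        if outcome != "time-exceeded":
            break
    return path, outcome

if __name__ == "__main__":
    print(lookup("R1", "10.1.2.50"))               # /24 beats /8
    print(traceroute("R1", "10.1.2.50"))           # clean path
    print(forward("R1", "8.8.8.8", 64))            # loop ends when TTL runs out
    print(traceroute("R1", "8.8.8.8", max_ttl=6))  # repeating hops reveal the loop
```

A traceroute whose hops alternate between the same two routers is the signature of a routing loop; TTL is the only thing that ends it.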

Fragmentation: Breaking Packets for Smaller Pipes

Different networks have different maximum packet sizes (MTU—Maximum Transmission Unit). Ethernet typically supports 1500 bytes. Some networks support more, some less.

When a router needs to forward a packet larger than the next network's MTU, it has a choice: fragment the packet into smaller pieces, or reject it.

Fragmentation works, but it's costly. If any fragment is lost, the entire original packet must be retransmitted. The destination has to hold partial packets in memory while waiting for the remaining fragments.

Modern systems avoid fragmentation using Path MTU Discovery. They send packets with a "Don't Fragment" flag. If a router would need to fragment, it sends back an error message instead. The sender tries again with smaller packets until it finds a size that works end-to-end.
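
An added example (not from the original page) that works through both options: what a router emits when it fragments, and how a sender using Don't Fragment converges on a working size. The path MTU values are constructed, and the icmp_blocked_at parameter is a hypothetical knob that models a filter dropping the "Fragmentation Needed" error, the failure mode in which Path MTU Discovery stalls silently. The example relies on two facts beyond the text: IPv4 fragment offsets are counted in 8-byte units, and the error message carries the next hop's MTU.

```python
IP_HEADER = 20  # bytes; IPv4 header without options

def fragment(packet_size, mtu):
    """Fragments a router would emit: (data offset, data bytes, more-fragments flag)."""
    data_len = packet_size - IP_HEADER
    # Every fragment carries its own header; offsets are counted in 8-byte units,
    # so each fragment except the last holds a multiple of 8 data bytes.
    chunk = (mtu - IP_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < data_len:
        size = min(chunk, data_len - offset)
        frags.append((offset, size, offset + size < data_len))
        offset += size
    return frags

def probe(size, path_mtus, icmp_blocked_at=None):
    """Send one Don't Fragment packet along the path (list of link MTUs)."""
    for hop, mtu in enumerate(path_mtus):
        if size > mtu:
            if hop == icmp_blocked_at:
                return ("silent-drop", None)  # error filtered before reaching sender
            return ("frag-needed", mtu)       # error reports the next hop's MTU
    return ("delivered", None)

def discover_path_mtu(path_mtus, start=1500, icmp_blocked_at=None):
    """Retry with smaller packets until one fits end to end.
    Returns (working size or None, number of packets sent)."""
    size, attempts = start, 0
    while True:
        attempts += 1
        result, hint = probe(size, path_mtus, icmp_blocked_at)
        if result == "delivered":
            return size, attempts
        if result == "silent-drop":
            return None, attempts  # sender only sees timeouts, never learns the MTU
        size = hint

if __name__ == "__main__":
    path = [1500, 1400, 1280, 1500]  # constructed link MTUs
    print(fragment(4000, 1500))
    print(discover_path_mtu(path))
    print(discover_path_mtu(path, icmp_blocked_at=2))
```

When reviewing firewall rules, check that "Fragmentation Needed" errors are allowed back to senders; the third call shows what happens when they are not.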

ICMP: The Network's Nervous System

ICMP (Internet Control Message Protocol) is how the network reports problems and answers questions. It's the diagnostic layer within Layer 3.

Error messages:

  • "Destination Unreachable"—the packet couldn't be delivered
  • "Time Exceeded"—TTL reached zero (this is what traceroute uses)
  • "Fragmentation Needed"—packet too big but Don't Fragment was set

Diagnostic messages:

  • "Echo Request" and "Echo Reply"—this is what ping uses to test if a host is reachable

When you ping a server and get a response, you've confirmed that Layer 3 is working in both directions between you and that server. When ping fails, you've identified that something is broken at Layer 3 or below.

Subnetting: Carving Up Address Space

Subnetting divides a network into smaller networks. If you have a /24 network (256 addresses), you can split it into two /25s (128 each), four /26s (64 each), and so on.

Why subnet?

  • Organization: Different subnets for different departments or purposes
  • Security: Firewalls can control traffic between subnets
  • Efficiency: Broadcast traffic stays within its subnet
  • Scale: Smaller networks are easier to manage

The subnet mask tells devices which part of an IP address identifies the network and which part identifies the host. A device uses this to determine whether a destination is local (same subnet, talk directly via Layer 2) or remote (different subnet, send to router).
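
The local-or-remote decision, shown as an added example that is not part of the original page. The four-way split of 192.168.1.0/24, the subnet names, and the host list are constructed assumptions. The example also covers a misconfiguration the text implies: a host whose mask disagrees with the plan makes the wrong choice and tries to reach a host in another subnet directly instead of sending to the router.

```python
import ipaddress

# Constructed plan (assumption): one /24 carved into four /26s, one per purpose.
PARENT = ipaddress.ip_network("192.168.1.0/24")
PLAN = dict(zip(["eng", "finance", "guest", "mgmt"], PARENT.subnets(new_prefix=26)))

def subnet_of(addr):
    """Name of the planned subnet containing addr, or None if outside the plan."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in PLAN.items() if ip in net), None)

def delivery(src_interface, dst):
    """The sender's choice, made from its own address and mask only."""
    iface = ipaddress.ip_interface(src_interface)
    if ipaddress.ip_address(dst) in iface.network:
        return "direct-layer2"  # same subnet: talk directly via Layer 2
    return "via-router"         # different subnet: hand the packet to the router

def audit_hosts(configured):
    """Return the interfaces whose address/mask does not match a planned subnet."""
    problems = []
    for iface_str in configured:
        iface = ipaddress.ip_interface(iface_str)
        planned = PLAN.get(subnet_of(iface.ip))
        if planned is None or iface.network != planned:
            problems.append(iface_str)
    return problems

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(name, net, net.num_addresses)
    print(delivery("192.168.1.100/26", "192.168.1.70"))  # same /26
    print(delivery("192.168.1.100/26", "192.168.1.10"))  # other /26
    print(delivery("192.168.1.100/24", "192.168.1.10"))  # wrong mask, wrong choice
    print(audit_hosts(["192.168.1.100/26", "192.168.1.20/24", "10.0.0.5/26"]))
```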

What Lives at Layer 3

IP (Internet Protocol): The core protocol—addressing and packet format

ICMP: Error reporting and diagnostics

Routing Protocols (RIP, OSPF, BGP): How routers learn routes from each other

IPsec: Encryption and authentication for IP packets

Routers: The devices that operate primarily at this layer, forwarding packets between networks based on IP addresses

When Layer 3 Breaks

Common problems:

  • No route to host: The routing table doesn't know how to reach the destination
  • TTL exceeded: Packets are dying in transit (possible routing loop)
  • Destination unreachable: The destination network or host doesn't exist or isn't responding
  • MTU issues: Packets too large, fragmentation failing
  • IP conflicts: Two devices with the same IP address, causing unpredictable behavior

The diagnostic progression: Can you ping your default gateway? (Tests local Layer 3.) Can you ping a public IP like 8.8.8.8? (Tests routing to Internet.) Can you ping by hostname? (Tests DNS, which is above Layer 3.)

Each step isolates where the problem lives.

The Beauty of Abstraction

Layer 3's genius is what it hides. Your packet doesn't know if it's crossing an ocean on a fiber optic cable, bouncing off a satellite, or hopping through a mesh of cellular towers. The Network layer abstracts all of this into a simple model: addresses and routes.

This abstraction is why the Internet can grow endlessly, why new network technologies can be added without breaking existing ones, and why a packet from your phone can reach a server in a data center on another continent through a path that changes moment to moment.

Layer 2 connects neighbors. Layer 3 connects the world.
