Everyone who's ever looked into computer networks in detail has asked, at some point in their life, "why do we need MAC addresses if we already have IP addresses?"
A typical packet found on a typical network has a structure like this:

| Layer | Size | Field |
|---|---|---|
| Ethernet | | Preamble and sync bit (not normally considered part of packet data) |
| Ethernet | 6 bytes | Destination MAC address |
| Ethernet | 6 bytes | Source MAC address |
| Ethernet | 2 bytes | EtherType 0x86DD (indicates this is an IP packet) |
| IP (payload of Ethernet) | 4 bytes | IP version, traffic class, flow label (in various bitfields) |
| IP (payload of Ethernet) | 2 bytes | Payload length |
| IP (payload of Ethernet) | 1 byte | Next header type (6 for TCP) |
| IP (payload of Ethernet) | 1 byte | Hop limit |
| IP (payload of Ethernet) | 16 bytes | Source IP address |
| IP (payload of Ethernet) | 16 bytes | Destination IP address |
| TCP (payload of IP) | 2 bytes | Source port |
| TCP (payload of IP) | 2 bytes | Destination port |
| TCP (payload of IP) | 16+ bytes | Uninteresting stuff that makes TCP work |
| TCP (payload of IP) | 0+ bytes | Payload of TCP |
| Ethernet | 4 bytes | CRC (not normally considered part of packet data) |

There's a destination IP address, but there's also a destination MAC address. A very common question is: What's that for? Why are there two sets of addresses? Why can't there just be IP addresses?
If you search the Internet, you might find answers like "IP addresses are logical while MAC addresses are physical" or "a MAC address is the only way to uniquely identify a device". These "explanations" are nonsensical—probably having originated from people who knew what they were talking about, but being filtered through many layers of the telephone game. You may also hear "MAC addresses are for layer 2 and IP addresses are for layer 3" which is true, but not an adequate explanation. Therefore I've decided to explain it here.
The correct answer is simple: The Internet doesn't use MAC addresses, and Internet packets don't have MAC addresses. At all.
If they're not for the Internet, what are they for? Recall that IP — Internet Protocol — is intended to be used when you connect together a bunch of separate networks to form a single larger network — an inter-net. And that means most networks are not really IP networks, but some other kind, which carries IP packets as payloads. In more modern terms, internets are overlay networks. We easily forget this since most of today's applications always use IP, even on a single network.
Most home and office networks use Ethernet and Wi-Fi. Ethernet calls its addresses MAC addresses. Since Wi-Fi pretends to be Ethernet, it also uses MAC addresses. Each Ethernet (or Wi-Fi) device comes from the factory with a MAC address different from any other one that ever existed, so you don't have to configure them. Ethernet switches know about Ethernet — they do not know about IP (many of them have configuration panels that speak IP/TCP/HTTP, but that's a separate, unrelated part). An Ethernet packet is relayed from its source to its destination in the Ethernet network using only the MAC address.
But Internet packets often go farther than the other side of your network. They could go to the other side of the world. So you have an IP router, which connects your network with another network (or several). The sender chooses a router on your network (often there's only one), and addresses the Ethernet packet to the router instead. The Ethernet network relays the packet to the router, which is the final destination as far as it's concerned. The router looks inside the IP packet, checks the destination IP address, and realizes it has to go farther. Then the router re-sends the packet on another network. If the next network is Ethernet, that means it has to choose the next router, and its MAC address. And so on — the packet hops through many networks until it reaches its real final destination.
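
The hop described above, as an added Python example (not code from the original article): it builds the Ethernet/IP/TCP frame from the table, then re-sends it the way a router would, so the MAC addresses change on each network while the IP addresses stay the same. All addresses, ports and function names are constructed for the example.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD

def mac(text):
    """Convert 'aa:bb:..' text to the 6 raw bytes used on the wire."""
    return bytes.fromhex(text.replace(":", ""))

def build_ipv6_tcp(src_ip, dst_ip, sport, dport, hop_limit=64):
    """IPv6 header plus a minimal 20-byte TCP header (checksum left at zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 5 << 12, 0, 0, 0)
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    header = struct.pack("!IHBB", first_word, len(tcp), 6, hop_limit)
    return (header + ipaddress.IPv6Address(src_ip).packed
            + ipaddress.IPv6Address(dst_ip).packed + tcp)

def encapsulate(dst_mac, src_mac, ip_packet):
    """Wrap an IP packet in an Ethernet header that is valid for one link only."""
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV6) + ip_packet

def parse(frame):
    """Pull the fields from the table above out of a raw frame."""
    ethertype, = struct.unpack("!H", frame[12:14])
    ip = frame[14:]
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "ethertype": ethertype, "hop_limit": ip[7],
        "src_ip": str(ipaddress.IPv6Address(ip[8:24])),
        "dst_ip": str(ipaddress.IPv6Address(ip[24:40])),
        "dst_port": struct.unpack("!H", ip[42:44])[0],
    }

def route(frame, out_src_mac, next_hop_mac):
    """What a router does: discard the Ethernet header, decrement the hop
    limit, and re-send the same IP packet under a fresh Ethernet header."""
    ip = bytearray(frame[14:])
    if ip[7] <= 1:
        raise ValueError("hop limit exceeded, packet dropped")
    ip[7] -= 1
    return encapsulate(next_hop_mac, out_src_mac, bytes(ip))

# Constructed sample: host -> router on network A, router -> server on network B.
packet = build_ipv6_tcp("2001:db8:a::10", "2001:db8:b::20", 50000, 443)
hop1 = encapsulate("02:00:00:00:00:01", "02:00:00:00:0a:10", packet)
hop2 = route(hop1, "02:00:00:00:00:02", "02:00:00:00:0b:20")

if __name__ == "__main__":
    for name, frame in (("network A", hop1), ("network B", hop2)):
        print(name, parse(frame))
```
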
Why don't we just make IP networks without Ethernet? Well, IP doesn't provide a way to actually send packets over wires — it just says what data should go in IP packets. In the past, there were many ways to send packets, and while there's still some competition today, Ethernet is dominant by far. Besides Ethernet and Wi-Fi, the most common interfaces today are probably virtual ones — both virtual links inside one computer that allow virtual machines and containers to pretend they're on a real network, and VPN software such as WireGuard which creates an IP network out of another IP network plus some encryption.
Hopefully that explains the confusion.