The OSI Model (Overview)

The OSI model is used by technologists as a way of conceptually breaking down the IT networking functional stack, each deeper layer providing foundational mechanics and support for the layers above, basically scaffolding upon scaffolding. Analogous to the physical world the networking “stack” as it is called in IT circles, builds from network functionality that is facilitated by the physical medium in which traffic is sent, all the way up to the application level protocols that the programs we use day to day use to communicate with other programs, providing a base level of standardization to support interoperability and functionality, so that a person attempting to use one wifi access point can communicate with someone across the world using copper ethernet to facilitate network connectivity.

There are many methods of explaining and remembering the OSI stack, many use mnemonic device like “Please don’t throw Salami Pizza Away”, or my original creation, “All Prophecies Seem To Need Destiny’s Permission”. Others conceptualize each layer as being “encapsulated” by the layer below it, which is a pretty good analogy for how the network stack works. There is often a lot lost in analogy, as some of the boundaries are messy, where certain functionality and protocols straddle two or more of the layers in the stack, while seeming to skip others, but this is a good place to begin a discussion and ingestion of the knowledge.

For some history trivia, the OSI model was first conceptualized sometime in the late 70s and early 80s. It was developed in order for developers of many different systems to have a common frame of reference to discuss system interoperability, and provide guidelines for developing system and protocol boundaries for facilitating prior mentioned interoperability, as well as to support the growth and development of existing and future functionality. While modern day technologies often stray from the boundaries outlined in the OSI, it still provides a helpful point of reference, since the protocols from the past provided the scaffolding and schema with which we develop technology in the modern era.

The OSI model consists of 7 layers, in descending order:

Application (Layer 7): This is the highest level of abstration from the physical medium in the stack. Even though it is called the “Application” layer, it actually refers to the underlying protocols that those Operating System(OS) level programs use to communication with other network participants, often called Application Programming Interfaces(APIs). Protocols that reside in the Application layer include hyper text transfer protocol(HTTP), Domain Name Services(DNS), Secure Shell(SSH), and may others. There are usually other pieces of identifying information associated with how these higher level protocols are identified in lower layers, like port numbers, protocol numbers, as well as metadata structure, but will get into that later.

Presentation (Layer 6): This layer primarily focuses on the way protocols are structured so that they are accessible from the higher level programs, and is also often the layer of the OSI that handles the encryption of the protocol, providing protection of the integrity and confidentiality of the information that resides in the protocol, or messaging. Examples of encryption include Transport Layer Security(TLS), Secure Sockets Layer(SSL), while structuring might include standards like Extensible Markup Language(XML) or the American Standard for Code for Information Exchange(ASCII). Something to keep in mind is that protocols rarely reside in a single layer, and often straddle two or more protocols. HTTP is an example of a protocol that resides in both layer 7 and layer 6 of the OSI model, the same could be said for SSH, for it is an application layer API, but also provides encryption with the secure tunnels.

Sessions Layer (Layer 5): This layer involves breaking up different communication streams, both from the perspective of disambiguating different sender/recipients in the case of two-way communications, as well as determining individual packet sizes, usually identified in the mean traffic unit(MTU) field found in IP packet structures. Often times, this is considered to be a closely paired function of the layer beneath, Transport, but is often useful to isolate it conceptually for troubleshooting, or for determining duplex, simplex, or packet fragment behavior.

Transport (Layer 4): The Transport Layer is a very important layer, even if it doesn't receive as much shine as the networking layer below it. The Transport layer handles the connection and connectionless oriented protocol, most times this refer to Transmission Control Protocol(TCP), or User Datagram Protocol(UDP). TCP is used for traffic that you want assurances is delivered to the destination. This facilitated by the TCP handshake, basically a process of inquiries and confirmations that we have successfully connected to the desired destination, as well as keep alive and message tracking mechanisms to prevent data loss. While modern day networking technology is fairly resilient to data loss, this was built into the protocol in order to provide a level of guarantee of delivery in a fairly chaotic networking environment. The other option, UDP, is often used for traffic with which the order of delivery or that all packets reaching the destination isn't entirely required. This is usually the case for real time streaming, like internet radio or video, telecommunications like VoIP or VTC. Again, modern technology is fairly resilient to packet loss, but there is a less of a guarantee of delivery. The two trade offs between TCP and UDP is generally reliability versus performance, respectively. TCP, while providing guarantees that all the data has been delivered, it adds additional cpu overhead to the systems processing the traffic, UDP, while forgoing the delivery guarantee, allows cpu cycles to be devoted to delivery, or processing being less intensive, theoretically leading to greater speeds. As we will go over, most technology is a series of tradeoff paradigms. Side note: the transport layer also specifies the TCP/UDP port number, such as tcp/80 for http, or udp/1024-65352 for RTP.

Networking (Layer 3): The networking layer focuses on the network addressing for routing traffic between the source and destination address. Generally, this source and destination address, most commonly leveraging the Internet Protocol(IP), stays the same. This facilitates network routing, sending packets between networks until it it reaches the destination. There are two versions of IP in popular use; IP version 4(IPv4) that is the most common, and most recognizable, a series of four, 8-bit octets that total in a 32 bit address, represented in xxx.xxx.xxx.xxx, ie 192.168.001.001 or 192.168.1.1. The other more recent addition to the IP family is IP version 6(IPv6), which is instead represented in 128-bit address, broken up into eight 16-bit hexadecimal octects(confirm). There is a lot of detail within these protocols that we will dive into on the networking deep-dive, but the main takeaway is that this layer handles the piece in the networking stack called packets, that are addressed with either the IPv4 or IPv6 address in order to determine the source or destination address. Coupled with the port number from the Transport layer, a network socket is established, which is a ip/port to ip/port connection that represents a single conversation between a client and server. Common rule of thumb is that the server allows communication over a standardized port, such as tcp/80 for http, and the client attempting to connect to the server on that port might use a randomized port in the non-standardized port range, otherwise known as the ephemeral range, generally from 1024-65335 range. For two "clients" that attempt to communication, either one acts as a "server", or they both communicate on an ephemeral range port. This is commonly seen with Voice over IP(VoIP) traffic, but this communication is usually facilitated by an intermediate server, but that is outside the scope of this article.

Data-Link (Layer 2): The penultimate layer of the OSI model, this layer supports routing between source and destination, and provides the foundation to facilitate the Layer 3 routing between IP addresses. The Layer 2 routing handles sending traffic between network interfaces on the same LAN, as well as between interfaces on the same router. In the TCP/IP stack(yes, the most common network stack is named after specific Network and Transport layer protocols, but is used as a shorthand to refer to a framework of interoperable protocols), the Media Access Control Address(MAC Address) is used to send traffic between networks, and serves as the hardware address of the networking interfaces. As Layer 3 packets traverse networks to their destination, Layer 2 "frames" are changed every time they are routed between a new network, encapsulating the packet above, to be sent out a new interface, with a new source and destination MAC address. This is done numerous times until the destination specified in the IP address packet is reached. There are many different protocols that operate on this layer, including routing protocols like Border Gateway Protocol(BGP), Routing Information Protocol(RIP), Address Resolution Protocol(ARP), and also troubleshooting protocols like Ping and Traceroute. These are additionally important, because they don't use either higher level protocols like TCP or UDP, like we have talked about previously, but Internet Control Message Protocol(ICMP) which, while usable to query Layer 3 addresses, it actually operates on Layer 2. This goes to illustrate how the boundaries between how protocols are actually used in the real world often veer away from the boundaries set by the OSI, but again, while this is where analogy begins to breakdown in the face of reality, it remains a good entry-point for discussion and understanding.

Physical (Layer 1): The lowest layer of the OSI model. This layer is where the physical medium across which network traffic traverses. Whenever we think of copper ethernet, fiber, or WiFi, this is the layer which we mean. Ironically, however, most applications or functions of Layer 1 is inaccessible from the user space. This is generally reserved for access to firmware, or dedicated hardware specifically configured and built to manage and send signals over the medium of choice. This means that IP addresses don't concern themselves with whether they are assigned to a wireless adapter or a fiber optic connection, nor do transport protocols keep track of how electrical or light signals traverse a copper wire a fiber cord, this is handled at the Layer 1. Another secret irony, despite the inner workings of the physically layer being accessibly distant, from a troubleshooting context, it is often the culprit of ad hoc issues that are inexplicable from other higher layer protocols.

While there are a lot of layers to keep track of, and to potentially troubleshoot, the benefit of the OSI model, and the beauty of it, is the ability of the technician or developer to be able to focus on a certain layer of the OSI when troubleshooting or developing functionality. It provides a mechanism for conceptualizing functionality, and even though the reality of how the protocols are encapsulated within each other as we travel down the stack is significantly messier than most diagrams illustrate, it provides a good schema for learning, discussing, and building the telecommunication technology that facilitates the world and capabilities that we enjoy today.

By Stephen Wood