
I. THE OSI MODEL

 

Each layer of the OSI model has a simple task to perform – to provide services for the layer directly above it. Each layer is aware that the layer below is at its disposal, eagerly awaiting a command. Each layer receives data from the layer above, in a standardized way, and must provide all the services assigned to it. According to this model, each layer behaves as if it could communicate directly with the corresponding layer on the remote computer.

 

The OSI model uses several important terms that are not commonly used in the networking industry. When layers communicate across a network with their opposing peer, for instance, the data they transfer is called a protocol data unit (PDU). When a layer passes data to the layer below, that data is referred to as a service data unit (SDU). Figure 1-1 illustrates this concept.

 

Figure 1-1: PDUs communicate between corresponding layers on different hosts. SDUs communicate from layer to layer within a single host.

It is critical for any network or systems engineer to have a strong understanding of the OSI model. It is not intuitive for most, and it does not make sense to many until they have spent years in the industry. Nonetheless, the vocabulary is extremely common in the real world and is used extensively throughout this book. The layers of the OSI model are outlined in Table 1-1.

The OSI model should not be confused with a protocol – it is simply a theoretical model. Indeed, very few protocols actually conform to any of the OSI specifications. TCP/IP, for example, was designed many years before OSI and is based on an unrelated, four-layer model. A suite of protocols has been designed to conform closely to the OSI model, including a protocol called Connectionless Network Protocol (CLNP), roughly equivalent to IP in function, and a routing protocol called Intermediate System to Intermediate System (IS-IS).

 

Layer 1 – the Physical Layer

The physical layer consists of all cabling, electrical properties, pinouts, and connectors on a network. It is commonly referred to as layer 1. If you can touch it or feel it (and that includes electrical shocks!), then it belongs in this layer. This is the layer I will touch on the very least. Physical topologies vary from network to network; the beauty of the OSI model is that I can discuss higher-layer networking without concern for the specific physical implementation of the network.

 

Layer 2 – the Data-Link Layer

Layer 2, the data-link layer, defines the topology of network connections (for example, star, ring, or bus) and identification of machines on a single network segment. The most common layer-2 protocol in a LAN is Ethernet, but Token Ring and FDDI are also popular. Frame relay is a commonly used data-link-layer WAN protocol and hints at another key vocabulary term.

 

Note: Data, when transmitted across a network with a data-link-layer header and footer, is referred to as a frame. When you are using a protocol analyzer to investigate network traffic, you can refer to the data being analyzed as a frame if the data-link-layer header or footer is of significance. For example, if you are troubleshooting the resolution of media access control (MAC) addresses, you are analyzing the frames.

 

Though each layer-2 protocol is different, most include a MAC address. The Ethernet MAC address is a flat, 48-bit number assigned to a specific network interface. The assignment of numbers is globally administered by the Internet Assigned Numbers Authority, a practice that ensures that this number is always unique to a network card. Other popular layer-2 fields include a field that indicates the size of the frame and a CRC (cyclical redundancy check) field that is used to verify that no data in the frame header was altered.

 

The data-link layer includes the capability to address multiple systems. This is accomplished by including a special broadcast address in place of the destination MAC address.

 

Two common network devices exist at the second layer of the OSI model: bridges and switches. The popularity of bridges has begun to fade in recent years, as routed protocols become more popular than bridged protocols and the cost of layer-3 switching decreases. A bridge connects two physically separate networks, listening for frames transmitted onto one segment that must be forwarded onto another segment. Bridges exist at layer 2 of the OSI model and by definition do not contain the intelligence to analyze traffic at layer 3. This is a limitation, but this simplicity gives bridges the advantage of speed. By decreasing the amount of analysis that must be performed on each frame, the bridge can forward more traffic between networks. Internally, a bridge builds a map of its directly connected networks and the MAC addresses of the hosts attached to each, as Figure 1-2 and Table 1-2 illustrate.

 

Figure 1-2: A bridge forwards traffic between network segments based on the destination MAC address of the frame.

A bridge listens to each frame on a segment and compares the destination MAC address to a table it stores in memory. By consulting the table in RAM, the bridge is able to determine if the destination MAC address is on the correct network segment or not. If it is a broadcast frame or belongs on another segment, the frame is copied.
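The forwarding decision described above, as an added Python sketch that is not from the original book. It assumes the bridge fills its table by recording the source MAC of every frame it hears and copies frames with an unknown destination to every other segment; the class name, segment names and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    """Toy bridge; each port is a named network segment (hypothetical names)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> segment on which it was last seen

    def receive(self, in_port, src, dst):
        """Handle one frame heard on in_port; return the segments it is copied to."""
        src, dst = src.lower(), dst.lower()
        # Assumption: the map is built from the source address of each frame.
        self.table[src] = in_port
        if dst == BROADCAST or dst not in self.table:
            # Broadcast or not yet in the table: copy to every other segment.
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        if out_port == in_port:
            # Destination already sits on the segment the frame came from.
            return []
        return [out_port]


def run_demo():
    bridge = Bridge(["seg-A", "seg-B"])
    # Constructed sample traffic: (ingress segment, source MAC, destination MAC).
    frames = [
        ("seg-A", "00:00:5e:00:53:01", BROADCAST),            # broadcast
        ("seg-B", "00:00:5e:00:53:02", "00:00:5e:00:53:01"),  # known, other segment
        ("seg-A", "00:00:5e:00:53:03", "00:00:5e:00:53:01"),  # known, same segment
        ("seg-A", "00:00:5e:00:53:01", "00:00:5e:00:53:99"),  # never seen before
    ]
    decisions = [bridge.receive(*frame) for frame in frames]
    return decisions, dict(bridge.table)
```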

 

Switches perform many of the same functions as bridges and have replaced them in many networks. Switches also forward frames based on the MAC address, but they are characterized by having eight or more network interfaces. Each of these interfaces may connect directly to a host, or it may connect to another switch or hub. The cost per port on switches has decreased in recent years to such a degree that switches are actually replacing hubs, which operate strictly at the physical layer. Windows NT includes only weak bridging capabilities within RAS, the Remote Access Service. Because bridging is not a critical component of NT, it will not be a topic of much discussion in this book.

 

Remember that the entire purpose of stratifying network communications is to make each layer independent of the other layers. Because of this, bridges and switches forwarding frames make no distinction between frames that carry TCP/IP and frames that carry IPX/SPX.

 

Layer 3 – the Network Layer

Layer 3 of the OSI model, the network layer, defines how traffic gets across networks. It defines an addressing scheme that includes both network and host addresses, mechanisms for traffic control, and, often, a checksum.

 

The most well-known examples of layer-3 protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), Internetwork Packet Exchange (IPX), X.25, and Asynchronous Transfer Mode (ATM).

 

The network layer includes an addressing scheme that allows for greater robustness than is provided by the data-link layer. The network layer allows any two systems to address each other, regardless of whether or not they are directly connected. In order to accomplish this, the network layer includes routing protocols such as IS-IS, RIP, and OSPF. It also includes packet fragmentation and reassembly, which allows packets to traverse networks with different maximum packet sizes, also called MTUs, or maximum transfer units.

 

Network components that connect different networks and switch packets are called routers. The OSI model refers to them as Intermediate Systems (ISs), hence the routing protocol name IS-IS. You will also hear the term gateway. The two words, “router” and “gateway,” are usually synonymous. Routers, by definition, exist at the network layer. As network technology evolves, the distinct capabilities of bridges, routers, and switches merge into single devices. Modern routers commonly include bridging functions (occasionally called brouters). Modern switches often include layer-3 routing capabilities.

 

Network-layer addresses are different from data-link-layer addresses in that they are hierarchical. They include an address for the network, which aids routers in finding the destination. They include a distinctly different address for the host, which allows a computer to identify itself within a specific network. IP has 32 bits to be shared between both the network and host addresses, with a variable number of bits dedicated to each. In contrast, IPX has a 32-bit network address and uses the MAC address as the host portion of the address.

 

Layer 4 – the Transport Layer

The fourth layer of the OSI model, the transport layer, is responsible for maintaining a conversation between two nodes on a network. It provides for error correction and for data fragmentation and reassembly.

Transport layer protocols for the IP protocol suite include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). SPX (Sequenced Packet Exchange) is a common layer-4 protocol for the IPX layer-3 protocol.

 

Layer-4 protocols come in two distinct flavors: connection-oriented and connectionless. Connection-oriented protocols allow two-way conversations to take place between hosts. They provide for guaranteed delivery and order. TCP is the connection-oriented transport protocol in the TCP/IP stack. Common uses of TCP are World Wide Web requests, Windows NT file transfers, and Telnet traffic.

 

Connectionless layer-4 protocols have the advantage of requiring less overhead. They allow for “fire and forget” communications, where a message must be sent but the sender does not need to be notified if the packet is not transmitted correctly. Connectionless protocols are more efficient because they do not need to maintain header fields for order and the sender has no need to wait for an acknowledgment from the destination. However, they are only suited to traffic for which delivery is not critical. UDP is the connectionless transport protocol in the TCP/IP stack. Common uses of UDP are DNS queries, Windows NT browser notifications, and network broadcasts.

 

Layer 5 – the Session Layer

Layer 5, the session layer, provides for complex conversation controls. It allows for the management and synchronization of communications between hosts. The session layer is also responsible for user authentication.

 

In reality, the session layer is one of the least practical of the OSI layers and is rarely referred to. Indeed, there is no corresponding layer in the Department of Defense model on which TCP/IP is based. I will spend very little time on the session and presentation layers simply because this book is centered around TCP/IP and these two layers have no direct correlation.

 

Layer 6 – the Presentation Layer

The presentation layer, layer 6 of the OSI model, provides a layer of abstraction to the application layer of the OSI model. This allows applications to agree on standardized representations for data. Network redirectors such as the Workstation service typically work with the presentation layer.

 

The ISO intended this layer to provide conversion between different formats, such as converting carriage returns to carriage return/line feed combinations when necessary. Tasks such as compression and encryption should be implemented here, though they are often implemented in protocols at other layers. Like the session layer, the presentation layer is not a common topic of conversation at dinner parties.

 

Layer 7 – the Application Layer

The top of the OSI food chain is the seventh layer, the application layer. The application layer does not describe applications; instead, it provides an interface to the network for applications. In this way, applications have a simple way to communicate across a network, without prior knowledge of the physical topology, the network architecture, or the network protocol. Based on input from applications, the application layer makes use of the layers beneath it to communicate across a network and exchange useful data between hosts.

 

Protocols that are commonly used and exist at layer 7 of the OSI model are HTTP (Web requests), FTP (Internet file transfers), and Telnet (remote consoles).

 

How the OSI Model Works

 

To tie things together, let’s go through an example of network communications and consider how each layer of the OSI model is used. If you launch a Web browser and visit a Web site, the Web browser makes requests with an application-layer protocol, HTTP. In theory, HTTP communicates directly with the Web server’s HTTP service, also at the application layer. Think back to Figure 1-1, which showed protocol data units being passed horizontally from the application layer of the client directly to the application layer of the server – the HTTP protocol is an example of how this theory works in practice.

 

When sending a request to retrieve a Web page, the protocol is not concerned about the network topology in any way – it relies on the lower layers to take care of those details. HTTP creates a request that it wants the HTTP server to receive, something like, “GET /.” It passes this data to the transport-layer protocol. In this case, the transport-layer protocol is TCP. (TCP/IP does not include the session and presentation layers, so they are not present in this example.)

 

As shown in Figure 1-3, TCP adds a header and passes its SDU to the network-layer protocol, IP. IP, in turn, prefixes the data it received from TCP with its own header and passes it to the layer-2 protocol, which may be Ethernet, Token Ring, FDDI, or something else. The data-link-layer protocol passes it to the layer-1 protocol (which is generally dependent on the layer-2 protocol), and the layer-1 protocol converts it into actual electrical signals that can be received by the destination host’s network interface card.
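The walk down and back up the stack described above, as an added Python example that is not from the original book: each layer prefixes its header to the SDU handed down from above, and the receiver strips and checks the headers in reverse order. It assumes Ethernet II framing with the trailing CRC omitted; the function names, addresses, ports and request bytes are constructed for illustration.

```python
import socket
import struct

def checksum16(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Wrap application data in TCP, IPv4 and Ethernet II headers, top down."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Layer 4: 20-byte TCP header (seq=1, ack=0, PSH|ACK) in front of the data.
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp_hdr) + len(data))
    tcp_sum = checksum16(pseudo + tcp_hdr + data)
    segment = tcp_hdr[:16] + struct.pack("!H", tcp_sum) + tcp_hdr[18:] + data
    # Layer 3: 20-byte IPv4 header (TTL 64, protocol 6 = TCP) in front of the segment.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0, src, dst)
    packet = ip_hdr[:10] + struct.pack("!H", checksum16(ip_hdr)) + ip_hdr[12:] + segment
    # Layer 2: Ethernet II header (EtherType 0x0800 = IPv4); trailing CRC omitted.
    macs = bytes.fromhex((dst_mac + src_mac).replace(":", ""))
    return macs + struct.pack("!H", 0x0800) + packet

def decapsulate(frame):
    """Strip the headers bottom up, as the receiving host's stack would."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-in-Ethernet frame of usable length")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl + 20 <= total_len <= len(packet) or checksum16(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    segment = packet[ihl:total_len]
    offset = (segment[12] >> 4) * 4
    if offset < 20 or offset > len(segment):
        raise ValueError("bad TCP data offset")
    sport, dport = struct.unpack("!HH", segment[:4])
    return {"src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport, "data": segment[offset:]}

def run_demo():
    # Constructed sample values: documentation-range MAC and IP addresses.
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n", "00:00:5e:00:53:01", "00:00:5e:00:53:02",
                        "192.0.2.10", "192.0.2.80", 49152, 80)
    return frame, decapsulate(frame)
```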

 

In summary, the OSI model’s greatest value to most network engineers comes from providing a convenient method of describing protocols in conversation. For example, as a network engineer armed with a strong knowledge of the OSI model, you can use catch phrases in conversation such as, “Of course TCP isn’t responsible for getting the traffic through the routers! It’s a layer-4 protocol!”

Rest assured you will soon be the life of any party.

 

The purpose of the OSI model is to provide entirely separated layers so that protocols residing at a particular layer may be “mixed and matched” with protocols at other layers. In reality, however, layer-3 protocols are used only with specific layer-4, -5, -6, and -7 protocols. For example, you cannot use the transport-layer TCP protocol with the network-layer IPX protocol. TCP is only used with the network-layer IP protocol. This grouping of protocols at multiple layers has led to the development of protocol suites. The next section describes the protocol suites supported by Windows NT.

 

Figure 1-3: A request from a user traverses the OSI model until it is converted into network traffic. Once it reaches the host, it moves back up the OSI model so that a server application may interpret the request.

 
