OSI - Open Systems Interconnection Model
The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and standardize the functions of a telecommunication or computing system, irrespective of its underlying internal structure and technology. The model divides the communication process into seven distinct layers, each with specific responsibilities, providing networking concepts with an easily understandable, modular model.
The primary purpose of the OSI model is to guide product developers and facilitate communication and interoperability between diverse network technologies. By defining a standard set of protocols and procedures, the OSI model also helps to ensure that products from different manufacturers can work together efficiently. It is like a universal language for describing network functions and processes, promoting a better understanding and troubleshooting of network interactions.
Below is a list of the 7 layers of the OSI model and their key defining characteristics, such as use case, purpose, responsibility, protocol, data and PDU name (what the unit of data in transit is called at a given layer).
| Layer Number | OSI Layer | Component | Purpose | PDU | Protocol Examples | Responsibility |
|--------------|----------------|----------------------------|-------------------------------------------------------|------------------|-----------------------------------|------------------------------------------|
| 7 | Application | End-user applications | Network services to applications | Data | HTTP, FTP, SMTP, NTP | Network process to application interface |
| 6 | Presentation | Translators, Codecs | Data translation, encryption, compression | Data | SSL/TLS, JPEG, MPEG | Data translation, encryption, compression|
| 5 | Session | Session Multiplexers | Managing sessions between applications | Data | NetBIOS, RPC | Session establishment, maintenance, termination |
| 4 | Transport | Gateways, Firewalls | End-to-end communication, flow control, error recovery| Segments | TCP, UDP | Reliable data transfer, flow control |
| 3 | Network | Routers | Path determination and logical addressing | Packets | IP (IPv4, IPv6), ICMP | Routing, addressing, internetworking |
| 2 | Data Link | Switches, Bridges | Node-to-node data transfer, error detection/correction| Frames | ARP, Ethernet, Wi-Fi, LLDP | Error handling, framing, MAC addressing |
| 1 | Physical | Cables, Hubs | Transmission and reception of raw bit streams | Bits | Ethernet, USB | Physical connection and signal transmission |
OSI Model Layers
Let's start from the ground up, with the most basic network layer:
1. Physical Layer (Layer 1)
Description: The Physical Layer is responsible for the transmission and reception of unstructured raw data between a device and a physical transmission medium. It defines the hardware elements involved in the network, including cables, switches, and other physical media participating in the transmission of information.
Key Responsibilities:
- Transmission of raw bit streams over a physical medium
- Management of hardware elements such as cables, switches, and network interface cards
- Transmission / Signal encoding and modulation
Example Networking Devices:
- Wired Transmission Mediums: Ethernet cables (Cat5, Cat6), Fiber optics, Coaxial cables, RJ45 connectors, fiber connectors
- Wireless Transmission Mediums: Includes the frequencies used for Wi-Fi (2.4 GHz, 5 GHz, 6 GHz bands), Bluetooth, and other wireless communication protocols.
- Hubs: Operate at Layer 1 (Physical Layer). They simply relay electrical signals without any form of data processing or addressing.
Protocol Landscape: (non exhaustive)
Layer 1
- SDSL (Symmetric Digital Subscriber Line): DSL technology for symmetrical data transfer rates for upload and download. Layer 1.5 (between layer 1 and 2)
- FDDI (Fiber Distributed Data Interface): Standard for data transmission on fiber optic lines in a local area network.
2. Data Link Layer (Layer 2)
Description: The Data Link Layer is responsible for node-to-node data transfer and error detection and correction that may occur in the Physical Layer. Typically, it ensures that data transferred over the physical medium is error-free and frames are properly managed.
Data Topology
- Frame: A frame is a structured unit of data that includes not just the payload (the actual data being transmitted), but also the control information needed for error detection, addressing, and flow control. The key components of a Frame:
- Header: This header contains control information such as source and destination MAC addresses, frame type, and sometimes quality of service (QoS) information.
- Payload: The actual data being transmitted, which typically comes from the layer right above, i.e. the Network Layer (see below)
- Trailer: Often includes error detection information such as a cyclic redundancy check (CRC) to ensure data integrity.
| Preamble | SFD | Destination MAC | Source MAC | EtherType | Payload | FCS |
|----------|-----|-----------------|------------|-----------|----------|-----|
| 7B | 1B | 6B | 6B | 2B | 46-1500B | 4B |
Explanation of the typical Ethernet Frame fields:
- Preamble: 7 bytes (56 bits) used for synchronization.
- Start Frame Delimiter (SFD): 1 byte (8 bits) marking the start of the frame.
- Destination MAC Address: 6 bytes (48 bits) specifying the recipient's hardware address.
- Source MAC Address: 6 bytes (48 bits) specifying the sender's hardware address.
- EtherType/Length: 2 bytes (16 bits) indicating the protocol type or the length of the payload.
- Payload/Data: 46-1500 bytes (368-12000 bits) of data.
- Frame Check Sequence (FCS): 4 bytes (32 bits) for error checking.
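To make the frame layout above concrete, here is an added example (not code from the original article) that builds an Ethernet II frame from a constructed destination MAC, source MAC, EtherType and payload, appends the FCS, and then parses such a frame back into its fields while checking the FCS. It assumes, as the IEEE 802.3 standard specifies, that the FCS is a CRC-32 computed over the header and payload with the same polynomial as `binascii.crc32`, appended least-significant byte first; the preamble and SFD are normally stripped by the NIC, so parsing accepts frames with or without them.

```python
import binascii
import struct
from dataclasses import dataclass

PREAMBLE_SFD = b"\x55" * 7 + b"\xd5"   # 7 bytes of 10101010 then the SFD 10101011
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500


@dataclass
class EthernetFrame:
    dst_mac: str
    src_mac: str
    ethertype: int       # > 1500 means EtherType, <= 1500 means 802.3 length field
    is_length: bool
    payload: bytes       # includes any padding up to the 46-byte minimum
    fcs_ok: bool


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ethernet_fcs(header_and_payload: bytes) -> int:
    # IEEE 802.3 FCS: CRC-32 (reflected, polynomial 0x04C11DB7), same as zlib/binascii
    return binascii.crc32(header_and_payload) & 0xFFFFFFFF


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Return a complete frame (without preamble/SFD): header + padded payload + FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    if len(payload) < MIN_PAYLOAD:
        payload = payload + b"\x00" * (MIN_PAYLOAD - len(payload))   # pad to minimum size
    body = dst + src + struct.pack("!H", ethertype) + payload
    # FCS is appended least-significant byte first ("<I"), as seen in captures
    return body + struct.pack("<I", ethernet_fcs(body))


def parse_frame(raw: bytes) -> EthernetFrame:
    """Split a frame into its fields and verify the trailer CRC."""
    if raw.startswith(PREAMBLE_SFD):
        raw = raw[len(PREAMBLE_SFD):]          # the NIC normally consumes these 8 bytes
    if len(raw) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("frame shorter than the 64-byte minimum")
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    payload, fcs_field = raw[14:-4], raw[-4:]
    (fcs_received,) = struct.unpack("<I", fcs_field)
    return EthernetFrame(
        dst_mac=mac_to_str(dst),
        src_mac=mac_to_str(src),
        ethertype=ethertype,
        is_length=ethertype <= MAX_PAYLOAD,
        payload=payload,
        fcs_ok=ethernet_fcs(raw[:-4]) == fcs_received,
    )


if __name__ == "__main__":
    # Constructed sample: an IPv4 (EtherType 0x0800) frame carrying a short payload
    frame = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                        0x0800, b"hello")
    print(parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01                      # flip one payload bit in transit
    print("FCS ok after corruption:", parse_frame(bytes(damaged)).fcs_ok)
```

A receiving NIC discards frames whose FCS does not match, which is why Layer 2 error detection is transparent to the upper layers: the corrupted frame simply never arrives, and recovery is left to the Transport Layer.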
Example Networking Devices:
- Switches: Operate primarily on this layer. They use MAC addresses to forward data to the correct destination within a local area network (LAN).
- Bridges: Operate primarily on this layer. They connect two or more network segments, making forwarding decisions based on MAC addresses.
Key Responsibilities:
- Framing or so called Encapsulation (of a network-layer packet into a frame before transmission over the physical medium)
- MAC (Media Access Control) addressing (Frames contain physical addresses (MAC addresses) of the source and destination nodes to ensure the data is sent to the correct device on the network.)
- Error detection and correction (detection and sometimes correction of errors that might occur during a given transmission)
- Flow control (in broad terms, the provided encapsulation metadata ensures that the sender and receiver are synchronized regarding the amount of data sent and received, preventing data overflow and loss)
Protocol Landscape: (non exhaustive)
Layer 2
- Ethernet (IEEE 802.3): Standard for wired local area network (LAN) technology, providing data transmission over coaxial, twisted pair, or fiber optic cables.
- Wi-Fi (IEEE 802.11): Standard for wireless local area networks (WLANs), allowing devices to communicate over wireless signals.
- PPP (Point-to-Point Protocol): Protocol for direct communication between two network nodes, typically used for internet dial-up connections.
- LLDP (Link Layer Discovery Protocol): Protocol for network devices to advertise their identity and capabilities to neighbors on a local network.
- Token Ring: Network protocol where a token circulates around the network nodes, providing permission to send data.
- HDLC (High-Level Data Link Control): Protocol for transmitting data between network points, providing error detection and correction.
- Frame Relay: Packet-switched protocol for wide area networks (WANs) that handles multiple virtual circuits.
- STP (Spanning Tree Protocol): Protocol to prevent loops in network topologies by creating a spanning tree.
- VTP (VLAN Trunking Protocol): Cisco protocol that propagates VLAN definitions across a switched network.
- CDP (Cisco Discovery Protocol): Cisco protocol for network devices to discover each other and share information.
- L2TP (Layer 2 Tunneling Protocol): Protocol for creating VPNs by tunneling data link layer frames.
- DTP (Dynamic Trunking Protocol): Cisco protocol to negotiate trunking on a link between network devices.
- EAP (Extensible Authentication Protocol): Framework for various authentication methods used in network access.
- Q-in-Q (802.1ad, VLAN stacking): Technique to encapsulate one VLAN tag inside another to extend VLANs across networks.
- ISL (Inter-Switch Link): Cisco protocol for VLAN tagging between network switches.
- GARP (Generic Attribute Registration Protocol): Protocol to allow network devices to register and de-register attributes with a LAN.
- GVRP (GARP VLAN Registration Protocol): Protocol for dynamic VLAN registration and de-registration.
- RSTP (Rapid Spanning Tree Protocol): Faster version of STP to prevent network loops, providing quicker convergence.
- MSTP (Multiple Spanning Tree Protocol): Protocol to manage multiple spanning trees for different VLAN groups in a network.
- 802.1X (Port-based Network Access Control): Protocol for authenticating devices attempting to connect to a LAN or WLAN.
- RPR (Resilient Packet Ring): Protocol for high-speed data transport in a ring topology, used in metropolitan area networks.
Layer 2.5 (between layer 2 and 3)
- ARP (Address Resolution Protocol): Protocol for mapping an IP address (Layer 3) to a MAC address (Layer 2) on a local area network.
- ATM (Asynchronous Transfer Mode): Network technology that transmits data in fixed-size cells, used for high-speed networks.
- MPLS (Multiprotocol Label Switching): Protocol for speeding up and shaping network traffic flows by using labels to route data packets.
3. Network Layer (Layer 3)
Description: The Network Layer is responsible for the delivery of packets from the source to the destination across multiple networks. It handles logical addressing and routing of packets.
Data Topology
The data unit at the Network Layer is called a packet. A typical packet structure at the Network Layer includes key components. See the IP Protocol packet anatomy for such an example.
Key Responsibilities:
- Logical addressing - involves assigning unique identifiers (eg. IP addresses) to each device on a network to facilitate proper packet delivery across networks.
- Routing - the process of determining the path that packets take from the source to the destination across one or more networks. The logical routing decision is made thanks to the use of routing tables and protocols like OSPF (Open Shortest Path First), BGP (Border Gateway Protocol), and RIP (Routing Information Protocol).
- Packet forwarding - the act of moving packets from one network interface to another based on routing decisions
- Inter-network communication - i.e. routing protocols, logical addressing, and packet forwarding logic to enable devices to communicate across different networks, facilitated by routers.
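The routing and packet forwarding responsibilities above come down to one operation in every router: a longest-prefix-match lookup of the destination address against the routing table, followed by a TTL decrement. The following added example (written for this article, not taken from it or from any router vendor) implements that with Python's standard `ipaddress` module over a constructed routing table containing a directly connected /24, a summary /8, an IPv6 prefix and a default route; interface names and next hops are made-up sample values.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress._BaseNetwork, Optional[str], str]   # (prefix, next hop or None if connected, interface)


class RoutingTable:
    """Minimal forwarding information base with longest-prefix-match lookup."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, next_hop: Optional[str], iface: str) -> None:
        # strict=True rejects prefixes with host bits set (e.g. 10.1.2.7/24)
        self.routes.append((ipaddress.ip_network(prefix, strict=True), next_hop, iface))
        # keep the most specific prefixes first so the first match is the longest
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Tuple[str, Optional[str], str]]:
        addr = ipaddress.ip_address(dst)
        for net, next_hop, iface in self.routes:
            if addr.version == net.version and addr in net:
                return (str(net), next_hop, iface)
        return None                                   # no route, not even a default


def forward(rt: RoutingTable, dst: str, ttl: int) -> dict:
    """Forwarding decision for one packet: drop on TTL expiry or no route, else pass it on."""
    if ttl <= 1:
        # a real router would also send an ICMP Time Exceeded back to the source
        return {"action": "drop", "reason": "ttl exceeded"}
    route = rt.lookup(dst)
    if route is None:
        return {"action": "drop", "reason": "no route"}
    _net, next_hop, iface = route
    # for a directly connected prefix the packet is delivered to the destination itself
    return {"action": "forward", "ttl": ttl - 1, "next_hop": next_hop or dst, "iface": iface}


def build_sample_table() -> RoutingTable:
    """Constructed sample table: the prefixes, next hops and interfaces are illustrative."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", "192.0.2.1", "eth2")         # default route towards the ISP
    rt.add("10.0.0.0/8", "10.0.0.1", "eth0")         # summary route to the corporate WAN
    rt.add("10.1.2.0/24", None, "eth1")              # directly connected LAN
    rt.add("2001:db8::/32", "fe80::1", "eth3")       # an IPv6 prefix, no IPv6 default
    return rt


if __name__ == "__main__":
    rt = build_sample_table()
    for dst in ("10.1.2.7", "10.9.9.9", "8.8.8.8", "2001:db8::5", "2001:db9::1"):
        print(dst, "->", rt.lookup(dst))
    print(forward(rt, "8.8.8.8", ttl=64))
    print(forward(rt, "8.8.8.8", ttl=1))
```

Note that `10.1.2.7` matches both `10.0.0.0/8` and `10.1.2.0/24`; the /24 wins because it is more specific, which is exactly the rule that lets a connected LAN override a summary route. Real routers store the table in a trie or TCAM for speed, but the decision they make is the same one shown here.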
Example Networking Devices:
- Routers: Operate primarily on this layer. They use IP addresses to route data packets between different networks, making them essential for internet communication.
- Gateways: They can operate at various layers, typically at Layer 3 (Network Layer) and above, to translate data between different network protocols.
- L3 Switches: Traditional switches with added routing capabilities. They can perform routing functions, such as inter-VLAN routing, within a local area network (LAN), allowing for more efficient data management and traffic control within larger networks.
- Multilayer Switches: These devices can operate at both Layer 2 and Layer 3. They provide both switching and routing capabilities, making them versatile for handling data within a LAN and routing it to other networks.
- Firewalls (at Layer 3): While firewalls can operate at multiple layers, Layer 3 firewalls filter traffic based on IP addresses and routing information. They are used to enforce security policies and control traffic between networks.
Protocol Landscape: (non exhaustive)
- IP (Internet Protocol): Provides logical addressing and routing. It is responsible for delivering packets from the source host to the destination host based on their IP addresses.
- ICMP (Internet Control Message Protocol): Used for network diagnostics and error reporting. It supports tools like ping and traceroute.
- OSPF (Open Shortest Path First): A link-state routing protocol used for finding the best path for data exchange within an IP network. It is widely used in large enterprise networks.
- BGP (Border Gateway Protocol): A path vector protocol used to exchange routing information between different autonomous systems on the Internet. It is essential for global internet routing.
- RIP (Routing Information Protocol): A distance-vector routing protocol used for smaller networks. It uses hop count as a routing metric.
- EIGRP (Enhanced Interior Gateway Routing Protocol): A Cisco-proprietary advanced distance-vector routing protocol that includes features of both link-state and distance-vector protocols.
- IPsec (Internet Protocol Security): Provides security for IP communications by authenticating and encrypting each IP packet in a communication session.
- GRE (Generic Routing Encapsulation): A tunneling protocol used to encapsulate a wide variety of network layer protocols inside virtual point-to-point links.
- NAT (Network Address Translation): Allows multiple devices on a local network to share a single public IP address for accessing external networks.
- Mobile IP: Allows mobile devices to move between different networks while maintaining a permanent IP address.
- VRRP (Virtual Router Redundancy Protocol): Provides automatic assignment of available IP routers to participating hosts to increase the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.
4. Transport Layer (Layer 4)
Description: The Transport Layer is responsible for end-to-end communication and error recovery. It ensures complete data transfer and manages the flow control and error checking.
Data Topology
The data unit at the Transport Layer (Layer 4) is called a segment when using the Transmission Control Protocol (TCP) and a datagram when using the User Datagram Protocol (UDP). See the TCP Protocol data encapsulation anatomy for such an example.
Responsibilities:
- Segmentation and reassembly of data - breaking down large messages into smaller segments to fit the network's transmission constraints. Reassembly involves putting these segments back together at the destination.
- Connection management - Establishing, maintaining, and terminating connections between devices. This includes managing the session between the sender and receiver (e.g. TCP three-way handshake)
- Flow control / management - this involves regulating the rate of data transmission between sender and receiver to prevent overwhelming the receiver (e.g. TCP sliding window protocol).
- Error detection and correction - Identifying and correcting errors that may occur during data transmission (e.g. TCP uses checksums).
- Ensuring complete data transfer - to guarantee that all data sent by the source is received accurately and in the correct order by the destination.
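Two of the responsibilities listed above, connection management and error detection, can be seen directly in the TCP segment header. The added example below (written for this article; it is not the article's own code nor any operating system's TCP stack) builds TCP segments with a valid checksum, verifies the checksum on receipt the way a host's stack does, parses the fixed 20-byte header, and produces the three segments of a three-way handshake with the expected sequence and acknowledgement numbers. It assumes IPv4 addresses and the RFC 793 rule that the checksum covers a pseudo-header (source IP, destination IP, protocol 6, TCP length) in addition to the segment; the IP addresses, ports and initial sequence numbers are constructed sample values.

```python
import socket
import struct
from typing import List

TCP_SYN = 0x02
TCP_ACK = 0x10
TCP_PROTOCOL = 6
TCP_HEADER_LEN = 20          # fixed header, no options (data offset = 5 words)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd trailing byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    # Not transmitted; it binds the segment to the IP addresses so a misdelivered
    # segment (wrong host) also fails the checksum.
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, TCP_PROTOCOL, tcp_length)


def build_tcp_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                      seq: int, ack: int, flags: int, window: int = 65535,
                      payload: bytes = b"") -> bytes:
    """Return header + payload with the checksum field filled in."""
    offset_and_flags = (5 << 12) | flags                  # data offset 5 words, 9 flag bits
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_and_flags, window, 0, 0)  # checksum 0 while computing
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, TCP_HEADER_LEN + len(payload))
                             + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def verify_tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver-side check: summing the segment including its checksum must give 0."""
    return internet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def parse_tcp_header(segment: bytes) -> dict:
    src_port, dst_port, seq, ack, offset_and_flags, window, csum, urg = \
        struct.unpack("!HHIIHHHH", segment[:TCP_HEADER_LEN])
    data_offset = (offset_and_flags >> 12) * 4
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "flags": offset_and_flags & 0x01FF, "window": window, "checksum": csum,
            "data_offset": data_offset, "payload": segment[data_offset:]}


def three_way_handshake(client_ip: str, server_ip: str, client_port: int, server_port: int,
                        client_isn: int, server_isn: int) -> List[bytes]:
    """The three segments that open a connection, each acknowledging the other's ISN + 1."""
    syn = build_tcp_segment(client_ip, server_ip, client_port, server_port,
                            client_isn, 0, TCP_SYN)
    syn_ack = build_tcp_segment(server_ip, client_ip, server_port, client_port,
                                server_isn, client_isn + 1, TCP_SYN | TCP_ACK)
    ack = build_tcp_segment(client_ip, server_ip, client_port, server_port,
                            client_isn + 1, server_isn + 1, TCP_ACK)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    client, server = "192.0.2.10", "198.51.100.20"      # constructed documentation addresses
    for seg in three_way_handshake(client, server, 40000, 443, 1000, 5000):
        print(parse_tcp_header(seg))
    seg = build_tcp_segment(client, server, 40000, 443, 1001, 5001, TCP_ACK, payload=b"GET / ")
    print("valid:", verify_tcp_checksum(client, server, seg))
    damaged = bytearray(seg)
    damaged[2] ^= 0xFF                                    # corrupt the destination port
    print("valid after corruption:", verify_tcp_checksum(client, server, bytes(damaged)))
```

The checksum only detects corruption; correction at this layer comes from the receiver not acknowledging the damaged segment, which makes the sender retransmit it after its timer expires. Because the pseudo-header is included, a segment that arrives at the wrong IP address also fails verification, as the last assertion in the test shows.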
Example Networking Devices:
- Firewalls: Modern firewalls often operate at multiple layers, including Layer 4. They can filter traffic based on transport layer information, such as TCP/UDP port numbers, and implement policies for traffic management and security.
- Load Balancers: These devices distribute network or application traffic across multiple servers. At Layer 4, load balancers make decisions based on the TCP/UDP ports and IP addresses to distribute the traffic evenly and ensure no single server is overwhelmed.
- Gateways: Some gateways operate at Layer 4, translating between different transport layer protocols or enhancing performance and security features for specific applications.
Protocol Landscape: (non exhaustive)
- TCP (Transmission Control Protocol): Provides reliable, ordered, and error-checked delivery of a stream of data between applications. It establishes a connection through a three-way handshake and ensures data integrity and retransmission of lost packets.
- UDP (User Datagram Protocol): A connectionless protocol that provides minimal services with no guarantee of delivery, order, or error correction. It is faster than TCP but less reliable, making it suitable for applications like streaming and gaming.
- SCTP (Stream Control Transmission Protocol): Combines features of both TCP and UDP. It provides reliable, ordered delivery of data streams over a network but supports multiple streams within a single connection, allowing for more efficient and robust data transfer.
- DCCP (Datagram Congestion Control Protocol): A transport protocol that provides bidirectional, unicast connections of congestion-controlled, unreliable datagrams. It is designed to support multimedia streaming and telephony.
- RTP (Real-time Transport Protocol): Used for delivering audio and video over IP networks. It works in conjunction with RTCP (RTP Control Protocol) to monitor data delivery and provide feedback on the quality of the service.
- RTCP (RTP Control Protocol): Works with RTP to provide control and feedback information, such as transmission quality and synchronization between audio and video streams.
- TLS (Transport Layer Security): Provides security for data transmission over a network, ensuring data privacy and integrity. Although often associated with the application layer, it operates at the transport layer to secure protocols like HTTP, SMTP, and IMAP.
- MPTCP (Multipath TCP): An extension of TCP that allows for multiple paths to be used for a single connection, improving redundancy and throughput.
- RDP (Reliable Data Protocol): Designed to provide a reliable data transport service for packet-based applications.
- VMTP (Versatile Message Transaction Protocol): A transport protocol designed to support transactions involving multiple messages in distributed systems.
- SPX (Sequenced Packet Exchange): A transport layer protocol used primarily in Novell NetWare networks, similar to TCP in providing reliable data transport.
- ATP (AppleTalk Transaction Protocol): A reliability transport protocol used in AppleTalk networks to ensure the delivery of transaction-based messages.
- NetBIOS (Network Basic Input/Output System): While often considered an application layer protocol, NetBIOS also includes transport layer functions for session establishment and data transport.
- FCP (Fibre Channel Protocol): Operates in storage area networks (SANs) and provides transport services for SCSI commands over Fibre Channel networks.
- QUIC (Quick UDP Internet Connections): Initially developed by Google, QUIC is a transport layer protocol designed to provide secure and reliable connections using UDP, aiming to reduce latency compared to TCP.
5. Session Layer (Layer 5)
Description: The Session Layer manages sessions between applications. It establishes, maintains, and terminates connections between applications.
Data Topology
The data unit at the Session Layer (Layer 5) is referred to as a session. A session is a semi-permanent interactive information interchange between two or more communicating devices or between a computer and a user.
Responsibilities:
- Session establishment, maintenance, and termination - Basically ensures that sessions are properly initiated, maintained during data transfer, and gracefully terminated when the communication is complete
- Synchronization - adds checkpoints or synchronization points within a session (e.g. to avoid data loss and to allow recovery from interruptions)
- Dialog control - between two applications, includes determining who can send and receive data at any given time.
Example Networking Devices:
- Session Border Controllers (SBCs): Primarily used in Voice over IP (VoIP) networks. SBCs manage the setup, conduct, and teardown of communication sessions, handling tasks such as call routing, security, and quality of service.
- Application Layer Gateways (ALGs): These devices facilitate the session management for certain applications, ensuring that protocols requiring multiple data streams (like FTP or SIP) can traverse firewalls and NAT devices effectively.
- Firewall Devices with Session Management: Some advanced firewalls have capabilities to manage and inspect sessions, ensuring security and proper communication flow between applications.
Protocol Landscape: (non exhaustive)
- NetBIOS (Network Basic Input/Output System): Provides services related to the session layer, including establishing and managing sessions between applications on different devices.
- RPC (Remote Procedure Call): Allows a program to cause a procedure to execute on another address space (commonly on another physical machine) without the programmer explicitly coding the details for remote interaction.
- PPTP (Point-to-Point Tunneling Protocol): Used to implement virtual private networks (VPNs), encapsulating PPP packets to secure data over IP networks.
- SMPP (Short Message Peer-to-Peer): A protocol used by the telecommunications industry for exchanging SMS messages between SMS peer entities such as short message service centers.
- SIP (Session Initiation Protocol): Used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.
- RTSP (Real-Time Streaming Protocol): Used for controlling streaming media servers, establishing and controlling media sessions between endpoints.
- H.245: A control protocol for multimedia communication sessions, often used with H.323 systems.
- PAP (Password Authentication Protocol): An authentication protocol that uses a two-way handshake to establish a session between a client and a server.
- L2F (Layer 2 Forwarding Protocol): Used to create VPN tunnels across the Internet.
- SOCKS: An Internet protocol that facilitates the routing of network packets between client-server applications via a proxy server.
6. Presentation Layer (Layer 6)
Description: The Presentation Layer is responsible for translating data between the application layer and the network format. It ensures that data is in a readable format for the application layer.
Data Topology
The data unit at the Presentation Layer (Layer 6) is referred to as a presentation data unit (PDU). The PDU at this layer encompasses data formatting, translation, encryption, and compression. See data units encapsulation example topology with TLS.
Key Responsibilities:
- Data translation and encoding - typically converts / encodes data from a format used by the application layer into a common format for transmission, and vice versa (interoperability).
- Data compression - manages the size of the data to be transmitted over the network to improve transmission efficiency.
- Data encryption and decryption - secures data by converting it into an unreadable format before transmission and converting it back to its original format upon reception (e.g. use of the Advanced Encryption Standard through TLS).
Example Networking Devices:
- SSL/TLS Accelerators: These are hardware devices or dedicated servers designed to offload the resource-intensive processes of SSL/TLS encryption and decryption from the main server, thus speeding up secure communications.
- Encryption/Decryption Devices: These devices handle the encryption and decryption of data, ensuring secure data transmission. They are used in environments where data security is critical, such as in financial services and military communications.
- Compression Devices: These devices handle the compression and decompression of data to optimize bandwidth usage. While not common as standalone devices, these functions are often integrated into network appliances like WAN optimizers.
- Media Gateways: In scenarios involving multimedia communications, media gateways can perform codec translation and transcoding, which are functions associated with the Presentation Layer.
Protocol Landscape: (non exhaustive)
- SSL/TLS (Secure Sockets Layer/Transport Layer Security): Provides encryption and secure communication over a computer network, ensuring data privacy and integrity.
- ASCII (American Standard Code for Information Interchange): A character encoding standard for electronic communication, representing text in computers.
- EBCDIC (Extended Binary Coded Decimal Interchange Code): A character encoding system used by IBM mainframes.
- MIME (Multipurpose Internet Mail Extensions): Extends the format of email to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs.
- XDR (External Data Representation): A standard for the description and encoding of data, ensuring that data is presented in a canonical form.
- JSON (JavaScript Object Notation): A lightweight data-interchange format that is easy for humans to read and write, and easy for machines to parse and generate.
- BER/DER (Basic Encoding Rules/Distinguished Encoding Rules): Methods for encoding data structures described by ASN.1 (Abstract Syntax Notation One).
- LPP (Lightweight Presentation Protocol): Provides ISO presentation services on top of TCP/IP based protocols.
7. Application Layer (Layer 7)
Description: The Application Layer provides network services directly to end-user applications. It serves as the interface between the application and the network.
Data Topology
The data unit at the Application Layer (Layer 7) is referred to as a message. This layer interacts directly with software applications to provide communication functions.
Responsibilities:
- Network process to application - facilitates the process of network communication to applications (e.g. a web browser making an HTTP request to access a webpage).
- Application services - the provision of various services to applications such as file transfer, email, remote login, and data manipulation.
- Service advertisement - advertises available network services to devices on the network.
Protocol Landscape: (non exhaustive)
- HTTP (Hypertext Transfer Protocol): Used for transmitting web pages over the internet.
- HTTPS (Hypertext Transfer Protocol Secure): An extension of HTTP that provides secure communication over a computer network.
- FTP (File Transfer Protocol): Used for transferring files between computers on a network.
- SMTP (Simple Mail Transfer Protocol): Used for sending emails between servers.
- IMAP (Internet Message Access Protocol): Used by email clients to retrieve messages from a mail server.
- POP3 (Post Office Protocol 3): Used by email clients to retrieve messages from a mail server.
- NTP (Network Time Protocol): Used for clock synchronization between computer systems over packet-switched, variable-latency data networks.
- DNS (Domain Name System): Translates domain names to IP addresses.
- SNMP (Simple Network Management Protocol): Used for network management, monitoring, and configuration.
- Telnet: Provides a command-line interface for communication with remote devices.
- SSH (Secure Shell): Provides a secure channel over an unsecured network in a client-server architecture.
- LDAP (Lightweight Directory Access Protocol): Used for accessing and maintaining distributed directory information services over an IP network.
- SIP (Session Initiation Protocol): Used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.
- RDP (Remote Desktop Protocol): Provides a user with a graphical interface to connect to another computer over a network connection.
- BGP (Border Gateway Protocol): Manages how packets are routed across the internet through the exchange of routing and reachability information.
- SMB (Server Message Block): Provides shared access to files, printers, and serial ports between nodes on a network.
- TFTP (Trivial File Transfer Protocol): A simple, lockstep, file transfer protocol that allows a client to get a file from or put a file onto a remote host.
- IRC (Internet Relay Chat): A protocol for real-time Internet text messaging.
- XMPP (Extensible Messaging and Presence Protocol): A protocol for streaming XML elements for real-time messaging, presence information, and contact list maintenance.
- MQTT (Message Queuing Telemetry Transport): A lightweight messaging protocol for small sensors and mobile devices, optimized for high-latency or unreliable networks.
- CoAP (Constrained Application Protocol): A specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things (IoT).
- NFS (Network File System): A protocol for distributed file sharing.
- NNTP (Network News Transfer Protocol): Used for the distribution, inquiry, retrieval, and posting of Usenet articles.
- DHCP (Dynamic Host Configuration Protocol): Provides IP addresses to devices on a network automatically.
- RTSP (Real-Time Streaming Protocol): Used for controlling streaming media servers.
- SOAP (Simple Object Access Protocol): A protocol for exchanging structured information in the implementation of web services.
- REST (Representational State Transfer): A web services architectural style that uses HTTP requests to access and manipulate data.
By understanding the responsibilities and examples of each OSI layer, you can foresee and comprehend how different protocols and technologies interact within a network, and how attacks take place.
Done!
Thanks and congratulations for reading this to the end. We hope this article brings a little clarity to the OSI conceptual model.