We use the OSI model to describe application use, network activity, and troubleshooting tasks. In this video, you’ll learn about the layers of the OSI model and how they apply to real-world networking.
If you work for any amount of time in information technology, you’ll certainly hear someone refer to a layer of the OSI model. That stands for the Open Systems Interconnection Reference Model. And it’s a way to describe the way that traffic is moving from one part of the network to another.
As the name implies, the OSI model is a model. It’s a guideline. It’s a very broad way to describe the way that data moves across the network. And it allows us to communicate with other IT professionals in a way that we both can understand exactly what we’re talking about. If
You do any type of research into the OSI model, you may see references to the OSI protocol suite. The OSI protocols, themselves, didn’t catch on. And in fact, today, we use primarily TCP/IP. But the OSI model, which was built around those OSI protocols, continues to be used as a reference when we talk to other IT professionals.
The OSI model consists of the 7 layers. You can see them represented, here, on the left side of the screen. And at each layer of the model is a set of protocols. And these protocols may be very different depending on the type of traffic going over your network.
You’ll use this OSI model for the rest of your career. It’s a common language that we can use within IT to help describe how data is progressing from the very beginning of the traffic flow to the very end. One common way to memorize these different layers of the OSI model is to start at the top with the application layer through the presentation, session, transport, network, data link, and physical layers.
One common way to remember the different layers of the OSI model is to remember the mnemonic, All People Seem To Need Data Processing. And those initials, for each one of those words, correspond to application, presentation, session, transport, network, data link, and physical.
Let’s start our talk about the OSI model at the very bottom. This is Layer 1, or the physical layer, of the OSI model. And although we’re talking about the physical part of the network, a lot of what happens at this Layer 1 is really about the signaling, or the signal, that’s going over the network connections. For layer 1, we’re talking about the cables that you’re using, the fiber runs, or just the ability to get signal from one part of the network to the other.
If someone tells us that we’re having a physical layer problem, then we’ll want to look at the cabling that we’re using. Make sure that all of our punch-down connections and connectors are working the way they should. We may want to run loopback tests. We may want to check or replace the cables that we’re using. Or perhaps even swap the adapter cards to make sure that we can resolve these layer 1 problems.
The next layer of the OSI model is Layer 2, or the data link layer. This is the layer that is a foundational layer for the protocols that we will then begin to stack on top of Layer 2. You’ll find that Layer 2 is sometimes referred to as the Data Link Control, or DLC layer. And there will be a series of protocols that run as DLC protocols.
A good example of this is on Ethernet networks, where we use the media access control addresses, or MAC addresses. We sometimes refer to those as Layer 2 addresses because they correlate back to the data link control protocols. And since switches make their forwarding decisions based on these MAC addresses, we sometimes will refer to Layer 2 as the “switching” layer.
This image describes communication at Layer 2. You can see the MAC address of this network interface card. And the MAC address of this network interface card. And any communication between those 2, that is using that MAC address, we can refer to as a Layer 2 communication.
If we move up 1 layer in the OSI model, we’re at Layer 3, or the network layer. Sometimes you’ll hear this referred to as the “routing” layer because this is the layer associated with IP addresses. IP addresses are, obviously, very common on our networks. And any device that is making forwarding decisions, based on these IP addresses, is communicating at Layer 3.
This is also the layer where frames will be fragmented or broken into smaller pieces, in order to move those between different types of networks. So if you move between an Ethernet network, off to a WAN network, and then back to Ethernet, you may find that the data is being fragmented. And that fragmentation is occurring at Layer 3.
Layer 4 of the OSI model is the transport layer. Sometimes, you’ll hear this referred to as the “post office” layer because this is the layer that describes how data is being delivered and where it is being delivered into a system. The protocol is used at Layer 4 are protocols such as TCP, that is the Transmission Control Protocol, and UDP, which is the User Datagram Protocol.
This layer is used when you’re accessing a web page, but the web page itself is so large that you can’t send all of the data across the network in one single frame. Instead, you have to split it up into separate frames and send those individual pieces across the network, where they’re put back together on the other side.
Layer 5 of the OSI model, or the session layer, is designed to start and stop communication between one endpoint and another. This is where you would use control protocols, or tunneling protocols, in order to begin the communication of data between one device and another. For example, 1 device may ask, in a browser, can we talk? And it’s communicating that information to Google, which will then set up a session and begin transferring information.
OSI layer 6 is the presentation layer. And just before we’re able to view information on our screen, the presentation layer needs to take this data and put it into a form that we can understand. Anything dealing with the encoding of characters, or encryption of application data, will occur at Layer 6. This layer is often combined with the application layer at Layer 7 because the functionality is so closely associated with our ability to use these applications.
Layer 7 of the OSI model is the application layer. And this is the layer that we get to see. As humans using a computer, we go to a browser screen and start a browser session. And this information that we’re seeing on the screen is the Layer 7 application data.
If you’re transferring a file with FTP, or performing a name resolution with DNS, or simply using a browser with HTTP or HTTPS, you’re using an application layer protocol. Let’s now take these very broad concepts with the OSI model, and try to associate them back to practical, real-world examples. Let’s look first at Layer 1, or the physical layer. If you’re holding a cable, or you’re looking at an analysis of signal going across the network, then you’re working at the physical layer of the OSI model.
If you’re working with switch forwarding, or you’re examining the MAC address of a device, then you’re working at Layer 2, or the data link layer. Moving up to layer 3, or the network layer, we’re now working with IP addresses. So if you’re working with routers that make forwarding decisions based on IP address, then you’re operating at Layer 3.
Layer 4, or the transport layer, deals with UDP and TCP protocols and the port numbers associated with TCP and UDP. Layer 5, or the session layer, is our control layer. Where tunneling information, or setting up communication, between one device and another.
Layer 6 of the OSI model, or the presentation layer, is commonly associated with encryption. If we’re communicating to a web browser over an HTTPS, or encrypted communication, then we’re working at OSI Layer 6. And lastly, the web browser that we’re viewing and the information that’s on our screen is able to be shown to us, thanks to OSI Layer 7, or the application layer.
Another practical view of the OSI model can be seen in a packet capture application. In this case, I’m using Wireshark to capture data going across the network. And there are 3 windows that you can see in this Wireshark communication. The view at the top is the summary view. Each line that’s within that summary view is showing us 1 frame that’s going across the network. At the bottom of the screen is a Hexadecimal and ASCII representation of that data.
But where we want to focus is the middle window, which is the detailed window. In this detailed window, we can see each part of this communication broken out into the separate OSI layers for a single frame. For example, we’ll look at this frame number 88 that’s currently selected. Frame 88 shows us that it’s using 2,005 bytes on the wire. And that is describing the traffic that is being received at Layer 1, or the physical layer.
Just underneath that is a line of information showing this as an Ethernet II frame. It shows a source MAC address and a destination MAC address, which means that it’s referring to layer 2, or the data link layer. To see layer 3 information, we go to the next line, which is showing us internet protocol, or IP. And we know if there are IP addresses, such as the ones listed here, then we must be working at Layer 3, or the network layer.
The next line underneath the layer 3 information is the layer 4 information. In this case, it’s the TCP protocol using a port number of 18-4-29 as the source. And the destination port is the HTTPS protocol using port 4-43. All of those TCP communications are occurring at Layer 4, or the transport layer.
Not uncommonly, you’ll often see layers 5, 6, and 7 grouped together. And in fact, in Wireshark, we see it grouped together here as well. You can see there is the Secure Sockets layer, which is the final line in this detailed view. And that particular Secure Sockets layer, details the session, presentation, and application layer traffic traversing the network.
Each time you use an application, or send traffic over the network, you can describe this communication in the context of the OSI model. Let’s take for example an application like Google Mail. We’ll log into Google Mail at mail.google.com. And as we are using that application on our screen, we’re using OSI Layer 7, or the application layer.
If we’re sending information back and forth to our browser, everything being communicated to this mail server at Google is being encrypted. And it’s being encrypted thanks to the presentation layer at Layer 6, which is using SSL encryption. Layer 5 is the session layer, which is linking together everything above at the presentation and application layer, to all of the traffic below that will be traversing the network.
And just below that layer 5 is the layer for transport information. We know that this communication is probably going to use TCP 4-43, which means that we’ll be using the transport layer to send that TCP data. There’s, of course, IP addresses that are used between your workstation and the Google email server. And all of that communication is occurring thanks to the IP encapsulation associated with Layer 3, or the network layer.
All of that TCP and IP traffic is being encapsulated within Ethernet frames. And those Ethernet frames are being sent over the network thanks to Layer 2, or the data link layer. And lastly, the physical signals to be able to send these frames from one device to another are occurring at Layer 1, or the physical layer.
By separating the network communication into this well-known series of layers, you’re able to communicate with other IT professionals when you’re troubleshooting, examining applications, or trying to get an understanding of how applications may be working over your network.