What is OSI Model?

Melih Firat

The OSI model was developed by the International Organization for Standardization. It is designed to allow an application on one system to communicate over a network with an application on another system, no matter how complex the systems to which they belong.

The OSI model has 7 different layers, and each layer has its own protocols, communication methods and mechanics. Depending on the complexity of the communication between devices, communication can go up to higher layers. Not every communication between network devices has to use all 7 layers.

For example, ARP is a communication method that works between layer 2 and layer 3.

What is ARP? Explained with an Example ARP Scenario

Reading this section without knowing the OSI model will raise questions in your mind. This is exactly what I want, don’t worry. Immediately after this section, I will explain the details of the OSI reference model, so your questions will have fresh answers. Come back to this section after completing the article and get to know ARP with confidence this time!

ARP is a protocol used to find the MAC address of a device on the local network whose IP address is known, for example:

A device on the local network broadcasts an ARP packet, encapsulated in an Ethernet frame, to the other devices on the local network, asking “Does the device with IP address X belong to the LAN we are connected to?” If the device with IP address X belongs to this network, it encapsulates the ARP response packet in an Ethernet frame and sends its MAC address, unicast, to the querying device.

ARP scan
ARP response
Ethernet is carrying an ARP packet and an expanded view of the ARP packet

This communication between local devices is enabled by the Ethernet frames, which are used to translate the 0 and 1 signals (Layer 1) carried by cables into a meaningful structure.

Thanks to the structures it contains, the Ethernet frame lets the receiver work out, from the incoming signals (the 0s and 1s):

  • at which point a new Ethernet frame starts,
  • at which point the data held in the Ethernet frame is,
  • and at which point the end of the Ethernet frame is reached.

These groups of meaningful/framed bits (Layer 2) are transported between physical devices via cables. The components that give the bits a meaningful structure as frames are Ethernet cards. Cables are connected from Ethernet card to Ethernet card. MAC addresses are physical addresses engraved on the Ethernet cards.

Ethernet works at Layer 2, but since the ARP packet it carries holds IP addresses, you may hear it said that the ARP process works between layers 2 and 3, that is, in a way, at layer 2.5.
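The ARP exchange described above, as an added Python example that is not part of the original article: it builds the Ethernet frame carrying an ARP request and the matching reply, then parses and validates them. The MAC addresses and the target IP 192.168.1.7 are constructed sample values.

```python
import ipaddress
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header + 28-byte ARP payload. op 1 = request, op 2 = reply."""
    # A request goes to the broadcast MAC because the target's MAC is unknown;
    # a reply goes unicast to the device that asked.
    eth_dst = BROADCAST if op == 1 else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet/IPv4, address sizes, opcode
    arp += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def parse_arp_frame(frame):
    """Validate and decode an Ethernet frame that carries an ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    if op not in (1, 2):
        raise ValueError("unexpected ARP opcode")
    return {
        "eth_dst": mac_str(frame[0:6]),
        "eth_src": mac_str(frame[6:12]),
        "op": "request" if op == 1 else "reply",
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
        # The MAC in the Ethernet header should match the one claimed inside ARP.
        "consistent": frame[6:12] == frame[22:28],
    }

# Constructed sample: 192.168.1.3 asks who has 192.168.1.7, which then answers.
REQUEST = build_arp_frame(1, "aa:bb:cc:00:00:03", "192.168.1.3", "00:00:00:00:00:00", "192.168.1.7")
REPLY = build_arp_frame(2, "aa:bb:cc:00:00:07", "192.168.1.7", "aa:bb:cc:00:00:03", "192.168.1.3")
```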

broadcast: one device sending a message to all devices on the network.

unicast: one device sending a message to one and only one other device.

multicast: one device sending messages to specific multiple devices on a network.

MAC address: The unique physical address of network devices.

IP address: Unique connection addresses of network devices.

Each layer has different communication languages, different rules and mechanics. In order to communicate properly, devices participating in the network and involved in the communication need to follow this set of rules.

Layer 1 — Physical Layer

It encompasses technologies that allow data to be transported in bits. The reason it is called physical is because it is indeed physical. We can’t hold a bit in our hand and see it being carried across the Internet, but we know that it is carried by electricity or light through cables, or by radio waves such as Wi-Fi, Bluetooth, etc.

The structures that carry the bits, the 0s and 1s, we call the physical layer structures. The bits they carry are called signals. They are not responsible for addresses, for whether the transmission takes place or not. They physically carry the signals used in the transmission.

They are not smart devices, they carry the signals they are given. They do not know where they are carrying them.

Visualization of internet signals carried on an Ethernet cable on an oscilloscope — Source Ben Eater, YouTube

Layer 2 — Data Link Layer

Ethernet port and Ethernet card on the back / Wi-Fi card / Bluetooth USB dongle

Ethernet cards, Wi-Fi cards and Bluetooth USB chips are data link layer devices. They make sense of physical signals carried in different ways and convert them into data. The Ethernet card makes sense of cable-borne signals, while the Wi-Fi card and Bluetooth USB dongle make sense of radio-borne signals.

Data link layer devices recognize each other by their MAC addresses. MAC addresses are etched into these devices and these addresses are unique to these devices.

Switch devices are also in this layer. This is because switch devices can interpret MAC addresses and have MAC addresses themselves.

Routers are both layer 2 and layer 3 devices: they have both a MAC address and an IP address, and having an IP address is what makes them layer 3 devices.

The reason I use a router as an example here is to show that a device can operate at a lower or higher layer.

Each input port and each output port of Switch and Router devices has a separate MAC address.

In the image above, computers that want to access the Internet address their Ethernet frames to the MAC address of the Router, and the frames are transmitted through the Switch to the Router. The Router removes the Ethernet header and carries the data contained in the Ethernet frame to the Internet (to another Router).
Internet, WAN is a network of interconnected routers

Layer 3 — Network Layer

If a device on a local network wants to communicate with a device on another network, how can it communicate with this device by accessing the Internet from the router?

Network layer devices recognize each other by their IP addresses. Layer 3 devices that know each other's IP addresses reach each other by hopping from router to router.

First of all, if the device is not on our network, we cannot know its MAC address, and even if we do, we cannot use it, because MAC addresses are used only within the local area network (LAN) for devices to recognize each other. If the IP is known, the steps are as follows:

  • The device queries with ARP whether a device with that IP address belongs to the local network.
  • No device on the local network responds, so our device recognizes that the IP address is outside the local network and sends the frame directly to the gateway (the router to the Internet).
  • At the router that opens onto the Internet, the header and tail of the Ethernet frame are removed and discarded, and the IP packet in the data section is taken out. The IP packet hops from router to router and reaches the router responsible for the target local network.
  • The router in the destination local network creates a new Ethernet frame in which it places the received IP packet. Since it already knows that the destination IP address is in its network, it also knows the MAC address (via ARP). It writes this MAC address as the destination address of the Ethernet frame and writes its own MAC address as the source MAC address. It forwards this frame to the target device.

At the end of the process, the target device extracts the IP packet from the Ethernet frame. It then extracts and uses the data inside the IP packet.

Layer 4 — Transport Layer

So far, we know a little bit about what happens when, for example, we want to run a website in our browser.

  • The layer 1 signals came out of the Ethernet card as a meaningful Ethernet frame, which forms layer 2.
  • With the Ethernet frame, the IP packet at layer 3 was transmitted to the Router in the local network.
  • The router opened the Ethernet frame and received the IP packet at layer 3.
  • With this IP packet, it found the correct network and the Router in this network.
  • This Router inserted the layer 3 IP packet into the layer 2 Ethernet frame and delivered the frame to the target device.

If you notice, the protocols in layers 2 and 3 always tried to find a device. Now we are in a scenario where the device is found and reached. The IP address and MAC address are no longer useful. At this stage:

  • The IP packet inside the Ethernet frame is removed.
  • The header and tail structure of the Ethernet frame is discarded; it has done its job.
  • The IP packet in the data section of the Ethernet frame is retrieved. The header of the IP packet is discarded; it has done its job.
  • The data inside is retrieved.

This data is the TCP segment, which belongs to layer 4. TCP segments deliver the data (yes, TCP also carries data) to the communication ports on the devices they reach.

Just like:

  • Ethernet frames were carried between layer 2 devices with MAC addresses,
  • IP packets were carried between IP addresses and layer 3 devices,
  • TCP segments are also carried by ports to devices supporting layer 4.

For example, for HTTP web pages this port is 80, for HTTPS it is 443. For SSH it is 22 and for SMTP it is 25. These are standard ports. You can set the ports you want for your own services. This way you can run different services on the same IP address using different ports. For example, you can set one port of your device as website (80) and one port as SMTP server (25).

When you want to open a website, for example YouTube, from a browser (layer 7, but it also supports layer 4), a random port opens in your browser, for example 1111, and your IP address is, let’s say, 192.168.1.3. We are telling the YouTube server that it can send data to us via 192.168.1.3:1111. Let’s say YouTube’s IP address is 100.100.100.100 and the connection is HTTPS, so the port is 443. So the following information is written in the header of the TCP segment:

  • Source: 1111
  • Destination: 443

This TCP segment is written in the data part of the IP packet. We already know that the source and destination IP addresses are written in the header of the IP packet.

TCP segment transfer between destination and source

The data inside the TCP segment is also an upper layer protocol, but we will come to that later.

I can open different tabs in my browser and simultaneously send TCP segments from those tabs to the same or different websites. I will open a different port for each tab and wait for the data on that port.

This way, we can continue to communicate without the data getting mixed up, because the communication channels are separate.

TCP is connection-based. This means that communication between devices is tested first and a suitable channel for communication is established. This testing process is called the Three-Way Handshake.

Three-Way Handshake

SYN, SYN ACK and ACK packets form the 3 steps of the three-way handshake. They test whether the channel is ready for a connection to be established. A brief summary of the packets is as follows:

  • Client: Hey, wanna talk? (SYN)
  • Server: Hey, I wanna talk (ACK), wanna talk? (SYN)
  • Client: Hey, I wanna talk. (ACK)

Because TCP uses a Three-Way Handshake, there is some delay. We lose time, but in return we know that the data will reach our port safely and in its entirety.

At layer 4 there is also UDP. UDP is the opposite: it is fast and we save time, but there is no guarantee that the data will arrive in its entirety.

In applications, the choice between UDP and TCP is made based on this trade-off.

For example, it is better to use UDP when watching a live broadcast over the internet. In live broadcasts, we want to access the data moment by moment. The distortion (pixelation) in the video is not important. When watching a video on YouTube, it is better to use TCP. The video will freeze if necessary, but the video will not be distorted.

As you can guess, there is no Three-Way Handshake in UDP. UDP forwards the packet to the relevant port without question.
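The port and handshake behaviour described in this section, as an added Python example that is not part of the original article: two connections to one listening port each get their own source port (like two browser tabs), and a port with no listener refuses TCP during the handshake while UDP hands the datagram over without asking. Everything runs on the loopback address 127.0.0.1 with ports chosen by the operating system; the function names are illustrative.

```python
import socket

LOOPBACK = "127.0.0.1"

def two_connections():
    """Open two TCP connections to one listening port, like two browser tabs."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((LOOPBACK, 0))          # port 0: the OS picks a free port
        srv.listen(2)
        srv.settimeout(2)
        dport = srv.getsockname()[1]
        # create_connection() returns only after SYN, SYN-ACK and ACK were exchanged.
        tab1 = socket.create_connection((LOOPBACK, dport), timeout=2)
        tab2 = socket.create_connection((LOOPBACK, dport), timeout=2)
        seen_by_server = []
        for _ in range(2):
            conn, peer = srv.accept()
            seen_by_server.append(peer[1])   # source port as the server sees it
            conn.close()
        source_ports = [tab1.getsockname()[1], tab2.getsockname()[1]]
        tab1.close()
        tab2.close()
    return dport, source_ports, seen_by_server

def closed_port():
    """Return a port number that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]        # the socket is closed when the block ends

def tcp_to_closed_port(port):
    """TCP notices during the handshake that nobody answers on this port."""
    try:
        socket.create_connection((LOOPBACK, port), timeout=2).close()
        return "connected"
    except ConnectionRefusedError:
        return "refused"

def udp_to_closed_port(port):
    """UDP hands the datagram to the network with no handshake and no check."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(b"frame 1", (LOOPBACK, port))   # number of bytes sent
```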

Layer 5,6,7 Application Layers

These are the layers where data is generated by applications and presented to the network. Usually these 3 layers are considered together as the Application layer.

The HTTP GET request that the browser generates and sends to the server takes place at layer 7. The HTTP response sent to the browser also takes place at layer 7.

Encapsulation

  • The process of encapsulating HTTP data into a TCP segment is called encapsulation.
  • The process of putting the TCP segment carrying the HTTP data into an IP packet is also called encapsulation.
  • The process of putting the IP packet carrying the TCP segment carrying the HTTP data into the Ethernet frame is also called encapsulation.
  • Putting the Ethernet frame carrying the IP packet carrying the TCP segment carrying the HTTP data onto the Ethernet cable as 0 and 1 bits is also called encapsulation.
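The encapsulation steps listed above, together with the unwrapping steps from the Layer 4 section, as an added Python example that is not part of the original article: an HTTP request is wrapped in a TCP segment, an IP packet and an Ethernet frame, then unwrapped layer by layer with each header checked before it is discarded. The IP addresses and source port are the article's; the MAC addresses and the host name example.test are constructed.

```python
import struct
import zlib
from ipaddress import IPv4Address

def inet_checksum(data):
    """16-bit one's-complement checksum used by the IP and TCP headers."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    src, dst = IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed
    # Layer 4: the TCP header starts with the source and destination ports.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    # Layer 3: the IP header carries the source and destination IP addresses.
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + src + dst
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + tcp
    # Layer 2: MAC addresses in the header, CRC-32 frame check sequence as the tail.
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + ip
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame):
    body, fcs = frame[:-4], frame[-4:]
    if len(frame) < 58 or struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("truncated frame or bad frame check sequence")
    if body[12:14] != b"\x08\x00":
        raise ValueError("Ethernet frame does not carry IPv4")
    ip = body[14:]                                   # Ethernet header and tail discarded
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or inet_checksum(ip[:ihl]) != 0:
        raise ValueError("not a valid IPv4 packet carrying TCP")
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]    # IP header discarded
    if len(tcp) < 20:
        raise ValueError("truncated TCP segment")
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": f"{IPv4Address(ip[12:16])}:{sport}",
            "dst": f"{IPv4Address(ip[16:20])}:{dport}",
            "data": tcp[(tcp[12] >> 4) * 4:]}        # TCP header discarded

# Constructed sample: the article's addresses, plain HTTP on port 80, made-up MACs.
FRAME = encapsulate(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
                    bytes.fromhex("aabbcc000003"), bytes.fromhex("aabbcc000001"),
                    "192.168.1.3", "100.100.100.100", 1111, 80)
```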

I hope it has been explanatory. I have both refreshed my knowledge and learned better while trying to explain this subject. I am happy if I have benefited someone!

GitHub: firatmelih

LinkedIn: firatmelih
