< Back

Network Layers: The OSI Model

Wed, 13 Mar 2013


Complex technology is best designed in a modular form: starting with a basic building block, adding the next layer of fundamentals, then subsequent layers which builds on top of each other, until finally the whole stack of layers becomes a usable platform. Let’s take the PC for example:

  • A century of scientific development brought us AC electricity distribution and transformers, needed to power the computer;
  • Production of integrated circuits enabled the first CPUs and RAM to be born leading to entire motherboards;
  • Very basic software code enabled the first basic operating systems;
  • Software programmers built command lines and later graphical windowing systems to work within the operating systems;
  • Finally other programming houses leverage the capabilities of all of this to develop and sell word processing, desktop publishing and graphics packages.

The advantage of this approach is it enables experts at each “layer” of the design process to concentrate on their specialities: an electrical engineer doesn’t write word processing code, and circuit board designers (who work with 5-12V DC) don’t have to concern themselves with 110-230V AC electrocution! And vice-versa.

The Internet is the widest deployed technology in the world today: but of course it isn’t a single technology – it’s a layered collection of different specialisms developed over (a short) time, in much the same way as the build of the computer.

The stack of layers is called the Open Systems Interconnection (OSI) model – a standardisation from 1979 on which all networks, including the Internet at large, are built. This model allows different manufacturers and consultants to concentrate on just a single layer of the technology stack, assuming that everything above/below their layer of concentration will work correctly. The layers are as follows.

Layer 1: Physical

This is the tangible construction of a network, typically using copper (electrical) or fibre (optical) cabling. This layer is primitive but essential: it ensures that individual binary bits (0s and 1s, low and high signals) can be sent by one device and received by another. Network interface cards (NICs, or “ports”) and pluggable modules (e.g. SFPs, XFPs, GBICs) convert binary data to/from electrical or optical form.

Left, CAT electrical cable with RJ45 connectors and an SFP. Right, optical cable with SFP module

Layer 2: Data Link

On a small local network (LAN), devices need to communicate directly with each other. This layer ensures that data sent by one device on a LAN is wrapped into a frame, with an address for the destination device, and that the frame gets to where it needs to go – a process called switching (you can think of a network having multiple paths, and at each “junction” between paths a “switch” exists to change the path taken for each frame depending on its destination).

HP ProCurve 2650 Layer 2 switch

Each device is assigned a unique identifier (like a telephone number) called a Media Access Control (MAC) address, which is globally unique and configured into the device hardware by the manufacturer.

This layer also performs error checking, to discard any data being received that has been subject to distortion, for example by electrical interference or faulty wiring.

Layer 3: Network

The method of switching data frames based on a destination device’s MAC address is only suitable on small networks – as the number of devices on a network grows, it no longer becomes practical to remember paths to all the MAC addresses. It is said the Internet will soon comprise of 15 billion devices!

It becomes necessary to connect lots of smaller networks together – known as internetworking. Layer 3 provides routing – a process used to discover paths to entire blocks of a larger network, including the Internet, then package data into packets and forward those packets onwards towards the destination. By learning the routes to take to reach large blocks of up to 60000 devices, the number of known paths decreases hugely; for example, for 15 billion devices on the entire Internet, this will be more like 500000 routes to destination blocks – still large, but certainly not 15 billion!

Juniper EX 3200 Layer 3 switch for large private IP networks

Just as devices all have their own MAC addresses, each device must have an Internet Procotol (IP) address to be routable in this layer; this is typically assigned manually by a system or network administrator (although it can also be learnt automatically via protocols such as DHCP or the IPv6 SLAAC).

Juniper MX5 router, able to process more than 2 million internet routes

Layer 4: Transport

This layer enhances the capability of routing in the network layer, by also providing features to ensure successful end-to-end delivery of data. These include:

  • Reliability: lost packets can be detected and re-sent to recover from physical failures or congestion;
  • Delivery order: if some packets arrive later than others and hence in the wrong order, this layer re-sorts them correctly;
  • Duplicate protection: if some packets are duplicated, the duplicates are discarded;
  • Multiplexing: enables a single computer to run multiple services at the same time – for example, a server to run a Web service, an SSL-enabled Web service, a mail server and a control session (SSH or remote desktop), all on the same IP address.

The most common protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), both of which use the concept of ports to allow multiple applications to run on the same IP address at the same time, whilst keep their network data separate from each other. Each port is a number from 1 to 65535, enabling over 65000 separate network services to be run from a single computer.

Streaming audio/video mostly use UDP; TCP is used, e.g. for websites, where accuracy and reliability are important

The two protocols differ in that TCP offers a full range of guaranteed deliveries, but UDP is simpler and offers no guarantees of delivery (packets may be lost or duplicated) or ordering (packets arrive in the wrong order). UDP is most common for realtime applications such as streaming, voice over IP (VoIP) and gaming, where once a packet is lost it is too late to recover it anyway.

Higher Layers (5, 6 and 7)

The first four layers are enough for software programmers to then build their applications on top of. The remaining higher levels become somewhat blurred: for example the TCP/IP models aggregate all of the remainder together into a single “application layer” and make no other particular distinctions. The final three layers of the OSI model are actually:

  • Layer 5 (Session): Provides control over opening and closing transport layer connections between hosts, and keeping them “alive” during communications;
  • Layer 6 (Presentation): We’re not talking about PowerPoint, but instead how raw data (bytes) is being encoded to the application: for example, determining the data endianness, the character set (for text data), whether the data is compressed or encrypted.
  • Layer 7 (Application): Finally, software developers write application protocols that work at this level: for example HTTP, FTP, SSH, SMTP, DNS. In some cases, there is some overlap with lower levels – for example, HTTP contains mechanisms to describe the character encoding and compression of content (usually Layer 6) at this layer.


This is a basic introductory guide. Knowing the OSI model layers is important to understanding how networks function, and troubleshooting issues as they arise. It is also important to many of the services we provide, and hence to understanding information we present.

Network engineers are primarily concerned with layers 1 to 3 – ensuring that packets of data always get from A to B with minimal disruption. Data link and IP routing are their main focus.

Layers 4 to 7 are the concern of network security experts and software developers, both of whom look to secure applications and restrict unauthorised access to services at these layers. All firewalls support layers 3 and 4 (IP address and TCP/UDP port control access lists), but many (known commonly as “layer 7 firewalls”) also support inspection up to the application layer – for example, to block particular Web page requests like browsing facebook.com from work!