Understanding the OSI Model – CompTIA Network+ N10-006 – 5.1


We use the OSI model to help describe the process used when data is sent across the network. In this video, you’ll learn about the OSI models and how each layer of the model applies to real-world network communication.
<< Previous: Company Security PoliciesNext: Network Fundamentals >>


The OSI model is the Open Systems Interconnection Reference Model, and it’s a way to describe the process that data takes when it leaves one device, goes across the network, and is received by another device. Since model is in the name, that implies that this is more of a guideline. This is not something where we can definitively say that this particular protocol runs in this particular layer of the OSI model, but it does give us a general idea of how this operates.

This is not to be confused with the OSI protocol suite. The Osi model and the Osi protocol suite came out at about the same time, and although the OSI model still remains, we are no longer using the OSI protocol suite on our networks. There are different protocols that operate at different layers of the OSI model, and in this video, we’ll step through a number of real world examples of how you can determine what protocol relies on what layer of the OSI model. And you’re going to refer to this model often in your career.

You’ll refer to a Layer 3 router or a Layer 2 device on your network, which might be a switch, and very often you’ll describe a problem happening at the application layer or Layer 7. If you’re trying to remember the different layers of the OSI model, there is a pneumonic– all people seem to need data processing. That’s application, presentation, session, transport, network, data link, and physical.

Layer 1 of the OSI model is the physical layer. This is the layer that’s all about signaling. It’s about getting the signal across from one side of the network to the other. That means that it’s going over cable or fiber. We’re not really talking about protocols at this point, we’re really talking about just being able to get signal from one side of the network to the other.

You often hear somebody troubleshoot and say I think I have a physical layer problem, which means they’ve got a problem with the cable. Maybe the distance between two devices is over the specification, maybe something is not punched down properly, but for some reason, you’re having a problem with getting signal from one device to another. Layer 2 is the data link layer. This is where we start talking about sending data blocks from one side of the network to the other. We often refer to these as Data Link Control protocols, DLC protocols.

For instance, on Ethernet, we are always referring to the MAC address of an Ethernet device. That media access control address works at Layer 2, the data link layer of the OSI model. We’ll sometimes refer to Layer 2 as the switching layer because switches make their forwarding decisions based on the destination MAC address inside of an Ethernet frame. So you might have one MAC address on one side, one MAC address on the other side, and that communication between those devices is happening at OSI Layer 2.

Layer 3 of the OSI model is the network layer. Now we’re talking about being able to route traffic from one side of the network to the other between subnets, so we often refer to this as the routing layer. This is where IP addresses live. If we’re looking at an IP address, then we’re referring to a Layer 3 address. And we’re referring specifically to the network layer of the OSI model. This layer is also responsible for taking large amounts of data and fragmenting it up into smaller pieces so that you can go through network segments that can’t handle those larger frame sizes.

Here’s an example of how fragmentation works at this Layer 3 of the OSI model. This network layer might be sending information that has a DLC header and an IP header, but within that IP part of the frame, we have a TCP header and TCP data. But if we’re going through a network connection that can only handle 16 bytes as a maximum size within the IP part of the frame, then we need to start fragmenting. So we might fragment the first 16 bytes and then send a completely different frame that’s got another 16 bytes, and then finally another frame that has the last few remaining bytes.

On the other side, those fragments are going to be put back together into its original form, and you’ll have this original IP data that you started with. Layer 4 of the OSI model is the transport layer. This is sometimes called the post office layer because you were sending traffic to a specific device and a specific port number on that device, very similar to sending a letter to a post office but to a very specific post office box at that post office. We commonly refer to Transmission Control Protocol, TCP, and User Datagram Protocol, UDP, at Layer 4 of the OSI model.

As we go higher into the OSI model, we’re now getting closer and closer to the operation of how an application is working. And we start to see some of that at Layer 5 which is the session layer of the OSI model. The session layer is going to set up communication between devices. It will start the communication flow, maintain the communication flow, and ultimately stop the communication flow between those devices.

This might also set up a half duplex or full duplex connection between those devices, and it might also include things like control protocols or tunneling protocols to be able to move traffic between those two devices. Layer 6 is the presentation layer which helps determine how we are able to finally view this information once we get to Layer 7. So it will deal with things like character encoding, the way characters look in the United States will be different than characters in France or in Greece.

This is also where applications may be encrypting or decrypting information to be able to privately send that over the network. You often see Layer 6 combined with the application layer because they are so tightly integrated with each other. And Layer 7 is the application layer. This is the layer that we, as humans, get to see finally, so if it’s web browsing or file transfers or name resolution or email, it all happens to our eyeballs right here at Layer 7.

Let’s summarize this to how we view the OSI model here in the real world. We can start with down at Layer 1, that physical layer. We’re talking about the cables and the fiber because that’s how we get signal from one side to the other. At Layer 2, we’re referring to frames. Those have MAC addresses or sometimes you’ve referred to them as Extended Unique Identifier addresses, like EUI-48 or EUI-64.

The switches all make their determination on how to forward information based on this Layer 2 address. At OSI Layer 3, we’re talking about IP addresses. So therefore we’re also talking about routers. We often refer to this IP information as packet information. Layer 4 is where our TCP and UDP port numbers are, so we can think of segmentation with TCP and the datagram information that would be going across the network with UDP.

Layer 5 is our session information. These are our control protocols and our tunneling protocols that we might use between two devices. Layer 6 we’re talking about application encryption and the way that our characters are encoded. And finally on Layer 7 is what we see as the real application in front of our eyes. If you wanted to see this technically, you can always capture packets– I’ve done this with Wireshark– and I can start looking at the details of some of these packets.

This happens to be one to Google Mail. If we start looking into the detail of this frame, you can see that the first thing listed is that this is frame 88 that was captured, and you can see the bytes that were captured on the wire. You can think of that as being the signal or Layer 1 of the OSI protocol. The next line shows the MAC address communication. You can have a source MAC address, which is this Dell MAC address, and the destination is the Netgear router that I’m communicating to.

So there’s Layer 2 of the OSI model. If we move up to Layer 3, the network layer, we have IP addresses, the source IP address and the destination IP address. Going again to Layer 4 now, we’re at the TCP layer. So you can see the port numbers that are in use between these two devices. And because all of the rest of the information is encrypted, you can effectively combine Layers 5, 6, and 7 into this next part which is the secure sockets layer or the encrypted part of this communication.

If we then summarize just that single frame that we looked at in the packet capture, we had our electrical signals at Layer 1, our Ethernet MAC addresses were at Layer 2. We saw IP addresses at Layer 3, and in that case, we saw a TCP port number at Layer 4. You had session information which linked all of the presentation information at the top with all of the transport information at the bottom, and of course, all of this was SSL encrypted. And if we could see the browser that was sending all of this traffic over the network, we’d be able to see the Google Mail application running in that window.