Open System Interconnection Model
The Open System Interconnection (OSI) Model
This useful guide compares the various layers of the OSI model and how they interact with each other.
The Open System Interconnection or OSI Model identifies a networking framework as employing protocols in seven layers. Control is passed from one layer to the next, beginning at the application layer (layer 7) on the initiating station and proceeding to the physical layer (layer 1) to transmit over the channel to the receiving station and then back up the seven layers of protocols to arrive back at the application layer (layer 7).
For example: If your application is Skype, then the OSI Model covers your voice being broken down into a rush of electrons (from seventh layer down to first layer) and back into something that might sound almost like you from the other side of the world (from first layer up to seventh layer).
There is really nothing to the OSI model, the OSI Model does not perform any functions in the networking process, it is just a theoretical framework so we can better understand the multifaceted interactions that are occurring during the transmission of data. The OSI Model takes the task of internetworking and divides that up into what is referred to as a vertical stack consisting of the following layers:
Physical (Layer 1)
This layer transmits the bit stream in the form of electrical impulse, light or radio signal through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including cables, cards, couplers, connectors, and other physical aspects. Fast Ethernet, ATM, and RS232, are protocols with physical layer components. Layer 1 Physical examples include Ethernet, Fiber Distributed Data Interface(FDDI), Bipolar or Binary 8-Zero Substitution (B8ZS), RJ45, V.35, V.24.
Data Link (Layer 2)
At this layer, data packets are encoded and decoded into bits. The data link layer supplies transmission protocol knowledge and manages errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls how a computer on the network gains access to data and permission to transmit it, while the LLC sub layer controls frame synchronization, flow control and error checking. Layer 2 Data Link examples include Point-to-Point Protocol (PPP), Fiber Distributed Data Interface (FDDI), Asynchronous Transfer Mode (ATM), IEEE 802.5/ 802.2, IEEE 802.3/802.2, High-level Data Link Control (HDLC), Frame Relay.
Network (Layer 3)
This layer presents switching and routing technologies that create logical paths known as virtual circuits for transmitting data from node to node. Routing and forwarding are functions of this layer as well as addressing, internetworking, error handling, congestion control, and packet sequencing. Layer 3 Network examples include AppleTalk Datagram Delivery Protocol (DDP), Internet Protocol (IP), Internetwork Packet Exchange (IPX).
Transport (Layer 4)
This layer provides transparent transfer of data between end systems or hosts and is accountable for end-to-end error recovery and flow control. The transport layer ensures for the complete transfer of data. Layer 4 Transport examples include Sequenced Packet Exchange (SPX), Transmission Control Protocol (TCP), User Datagram Protocol (UDP).
Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end and deals with the session and connection coordination. Layer 5 Session examples include Network File System (NFS), NetBios Names, Remote Procedure Call (RPC), Structured Query Language (SQL).
Presentation (Layer 6)
This layer provides independence from variations in data representation (encryption for example) by translating from application to network format, and vice versa. The presentation layer works at altering data into the form that the application layer can accept. This layer formats and encrypts data to be sent across the network, providing freedom from compatibility issues and is often referred to as the syntax layer. Layer 6 Presentation examples include Encryption, ASCII, EBCDIC, TIFF, GIF, PICT, JPEG, MPEG, MIDI.
Application (Layer 7)
This layer supports application and end user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are recognized. Everything at this layer is application specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer. Layer 7 Application examples include WWW browsers, Network File System (NFS), Simple Network Management Protocol (SNMP), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Telnet.
The OSI Model does nothing but describe how a complete networking stack might appear. The idea is that each of the individual seven layers perform a particular function in network communications, but only knows enough to interoperate with the layer immediately above or immediately below. If you are employed in a systems or network administration/engineering position, layers six and seven will likely to never be of any real concern to you, and you may only occasionally concern yourself with layer five. We are really only going to focus on layers one through four, and that is what we will discuss below.
Physical (Layer 1)
In theory, layer one is extremely easy to understand as it is all in the name 'physical'. This is the electrons and the cables, wires, fiber, switch ports, and network adapters. It is the world of twisted pairs CAT-5e and CAT-6 in the attempt to limit crosstalk and interference. Just be aware that cables and switches are crucial to the transmission of data, they can break, and they do require respect and attention.
Data Link (Layer 2)
Layer two is where confusion usually begins, from this point and onward to the transport layer (level 4), everything exists because we are told that it does. It is the first level at which those pulses of light and electron bursts take on some sort of meaning. For those in the Hyper-V world, it is mostly going to be Ethernet. The unit of communication within the Ethernet is the frame. In keeping with our layered model perception, the frame was a sequence of light or electric pulses that some physical device like a network adapter has re-interpreted into digital bits. The Ethernet specification states that a series of bits has a particular format and meaning. An incoming series of these bits starts with a header and is then followed by what is expected to be a data section often referred to as the payload, and ends with a set of validation bits. This is the first demonstration point of the OSI Model showcasing that layer one handles all the mundane parts of converting pulses to data bits and back while layer two is only aware of and concerned with the ordering of these digital bits.
The Ethernet Frame: By examining the Ethernet frame header, we can see most of the basic features that reside in this layer. The first thing of note is the source and destination MAC addresses (Media Access Control Address). On any Windows machine, when you run IPCONFIG /ALL you will unearth the MAC address in the Physical Address field. Run Get-NetAdapter in PowerShell and you can retrieve the value of the MAC Address field or the Link Layer Address field. The MAC Address is displayed in six binary octets, usually represented in two digit hexadecimal number groupings, such as: E0-06-E6-2A-CD-FB. In case you were not aware, the hyphens are only present to make it human readable. You will often observe colons used instead, or no delimiters at all. Every network device manufacturer has their own prefixes indicated in the first three octets. If you search for 'MAC Address prefix lookup', you will discover various sites that allow you to identify the actual manufacturer of the network chip on your branded adapter.
The presence of the MAC Address in the Ethernet frame informs us that Data Link (layer 2) is what deals with these addresses. Therefore, it could also be stated that this is the level at which we will find ARP (Address Resolution Protocol), although, ARP could also be considered as layer three. Either way, all data that travels across an Ethernet network is only aware of MAC Addresses. There is no other addressing scheme available here at layer two. The Transmission Control Protocol/Internet Protocol (TCP/IP) and its attendant IP addresses have no presence in Ethernet, and unless you are going to get deep into the technicalities, TCP/IP is not considered to be present in layer two at all. It is essential that you understand this, as it is a common stumbling point that presents many individuals with a surprisingly high barrier to comprehension. Just as a bit of a useless trivia, the ability to manage MAC Addresses and tables is what distinguishes a switch from a hub.
Next, we may even encounter the 802.1q tag which is the technology that enables VLANs to function. This is a potentially confusing topic, so for now, just be aware that if present, VLAN information resides in the Ethernet frame which means that it is certainly part of layer two, layer three and upward have no idea that VLANs even exist. What specifically highlights layer two to the Windows Administrator is the fact that the Hyper-V virtual switch and Windows network adapter are teaming live at this level. Without an ability to parse the Ethernet frame, teaming cannot work at all, so it must be able to work with MAC Addresses. The Hyper-V virtual switch is a switch, and as such must also be aware of MAC Addresses, it also happens to be a smart switch, so it must also have the ability to work with 802.1q VLAN tags.
An addition to the Ethernet specification is Datacenter Bridging (DCB). The basic goal of DCB is to overcome the lossy nature of TCP/IP in the datacenter where data loss is both unnecessary and objectionable. There are a number of implementations, but basically the Ethernet versions include some way of tagging the frame. The consequence is that Windows can apply a DCB tag to traffic and DCB-aware physical switches are able to process and prioritize traffic according to these tags. Keep in mind that you do need a rather large TCP/IP network for this to be of any major concern as most LANs see such minute contention that any data loss will usually indicate miss-configured or broken components.
The final thing we are going to discuss is the payload, in the modern Windows world, the content of this payload is a TCP/IP packet. All that Ethernet cares about is the destination MAC Address, once the frame is delivered, layer two will unpack the packet and deliver it to layer three.
Network (Layer 3)
Layer three is where we first begin to encounter TCP/IP. First of all, please be aware that TCP/IP is not really a protocol, but a protocol group, TCP is one of them, IP is another. Layer three is also where we really start to observe that the layers of the OSI Model are only theoretical, because a number of things could be considered to exist in multiple layers at the same time. Layer three is where we start talking about the packet as opposed to the frame. Ethernet or Token Ring, or any other layer 2 protocol has delivered the frame and the payload has been extracted for processing. Everything layer 2 related is now gone, no MAC Address, no 802.1q tag. Generally speaking, the network adapter driver is the first and last thing in your Windows system to know anything about the Ethernet frame. After that, Windows takes over with the TCP/IP stack. What we have at this layer is IP, the most obvious feature of IP is of course the IP address. This is a four octet binary number that is usually represented in dotted decimal notation such as: 192.168.22.36. IP is the addressing mechanism of layer three.
TCP/IP traffic is packaged in the packet and appears similar to that of the Ethernet frame. It has a defined sequence that includes a header and a data section. Examining the header we will find source and destination IP addresses. This is also the point at which we can start thinking about routing. A very important fact to know when you are testing a network is that ICMP (which means PING for most of us) resides in layer three, not layer four. You must remember this because you will often see behaviours in ICMP that do not make a lot of sense when you try to think of them in terms of layer four behaviour, especially in comparison to TCP and UDP. We will discus this further when we are introduced to layer four. What you will not find here is the Hyper-V virtual switch as it has no IP address of its own and is generally oblivious to the fact that IP addresses exist. When you 'share' the physical adapter that a Hyper-V switch is assigned to, what actually happens is that a virtual network adapter is created for the management operating system. That virtual adapter 'connects' to the Hyper-V virtual switch at layer one (which is of course virtual). It does the work of bringing the layer two information of the Hyper-V switch into the layer three world of the management operating system. So, the virtual switch and virtual adapter are in layers one and two, but only the adapter can be said to meaningfully participate in layer three. The Hyper-V Server/Windows Server team is also not really in level three. You do create a team interface, but it also works much like Hyper-V's virtual adapter.
Transport (Layer 4)
Layer four is where we find a lot more of the TCP/IP stack, in particular TCP and UDP. The OSI Model becomes really confusing at this point because these protocols are advertised right there in the TCP/IP packet header, which is definitely a layer three object, however, it is the TCP/IP control software operating at this layer that is responsible for the packaging and handling of these assorted packets and the actual variations can be observed inside the payload portion of the packet. For the most part, Hyper-V administrators do not really need to think too much about layer four operations, but having no understanding of them will prove detrimental.
The features that we observe in layer four are really what made TCP/IP the most popular protocol. This is especially true for TCP, which allows for packets to be lost while preventing data loss. TCP packets are tracked from source to destination, and if one packet does not arrive at the destination, the recipient can signal for a retransmission. So, if a few packets in a stream happen to travel a different route and arrive at the destination out of order, this protocol can actually put them back into their original intended pattern. UDP does not do this, but it shares TCP's ability to detect problems. This ability is really what separates layer three from layer four, and why ICMP does not behave like a layer four protocol. For instance, if you are running a Live Migration and a ping is dropped, that does not mean that TCP will be affected at all. I have heard it said that ICMP is designed to find network problems and that is why it fails when other protocols do not. This is true to some degree, but it is also because the functionality that allows TCP and UDP to deal with abnormalities in the network are not layer three functions.
Each consecutive layer takes the output of the previous layer, and depending on the direction that the data is flowing, either encapsulates it with that layer's information or unpacks the data for further processing.