Seven Layer Model



When we browse the Internet, a physical connection allows for us to connect to the internet, either through a modem or through an Ethernet card in the case of a dedicated connection. A TCP/IP stack allows us to pass traffic and resolve web sites to IP addresses. Finally, applications, such as Netscape and Eudora, allow us to see the web sites and receive our e-mail.

The modem or Ethernet function has 2 parts. The modem or Ethernet drivers provide the computer with a way to communicate with the hardware. The PPP connection, also known as Dial-up Networking, allows your computer to access the modem. These two components provide the basis of getting a connection to the Internet.

The TCP/IP stack allows the computer to pass traffic across the link to the Internet in a meaningful way. That is, the TCP/IP stack allows your computer to speak the same "language" as the equipment at the other end of your connection. The TCP/IP stack also allows you to resolve friendly host names, such as, into an IP (Internet Protocol) address. Without the TCP/IP stack, we would be forced to go to each web site by it's IP address instead of a name!

Finally, the applications allow us to interact with friendly software to interpret HTML code into web pages for us, interact with mail servers to exchange e-mail, connect to news servers to retrieve and post news articles, and exchange data with FTP servers to allow us to download files. Without these programs, the Internet would be much more difficult to navigate through.


Why was it created?

The principles that were applied to arrive at the seven layers are as follows:
  • A layer should be created where a different level of abstraction is needed.
  • Each layer should perform a well defined function.
  • The function of each layer should be chosen in accordance with developing internationally standardized protocols.
  • The layer boundaries should be chosen to minimize the information flow across the interfaces.
  • The number of layers should be large enough that distinct functions need not be thrown together in the same layer out of necessity, and small enough that the architecture does not become unwieldy.

Having a way of categorizing each factor in an internet connection makes it easier for us to do our jobs as troubleshooters.

We all inherently understand that if the modem is not plugged in, you're not going to be able to get your e-mail. The OSI model allows us to follow that logic further: for example, if you can browse the web by IP but can't see websites by name, you know that the problem is not on the Network layer, but on the Transport layer.


How Encapsulation Works

The seven OSI layers use various forms of control information to communicate with their peer layers in other computer systems. This control information consists of specific requests and instructions that are exchanged between peer OSI layers. Control information typically takes one of two forms:

Header- Headers are prepended to the data passed down from upper layers.
Trailer- Trailers are appended to data passed down from upper layers.

Imagine that System A is requesting information from System B. System A makes an HTTP (Layer 7) request, which gets prepended with a header and appended with a footer. Layer 6 specifies whether it's a request for a GIF or an HTML document, and treats the Layer 7 header, data, and footer as its own data, prepending that with a header and appending it with a footer. The same treatment happens on Layer 5, and so on.

System B receives the request on Layer 1, and begins the decapsulation process, stripping the Layer 1 headers and footers off to reveal the Layer 2 information, and so forth, all the way up to the 7th layer.



The application layer interacts with software applications (such as Netscape or Outlook Express) that implement a communicating component. Such application programs are outside of the scope of the OSI model, but they translate an enduser's typing into a Layer 7 request. Application layer functions typically include the following:

  • Identifying communication partners - The application layer identifies and determines the availability of communication partners for an application with data to transmit.

  • Determining resource availability - The application layer must determine whether sufficient network resources for the requested communication are available.

  • Synchronizing communication - Communication between applications requires cooperation that is managed by the application layer.

Example: The Application layer is responsible for identifying that there is a web server answering on port 80 in order for HTTP communication to happen.



The presentation layer provides a variety of encoding and encryption functions that are applied to the application layer data. These functions ensure that information sent from the application layer of one system will be readable by the application layer of another system. Some examples of presentation layer encoding and encryption schemes follow:

  • Conversion of character representation formats - Conversion schemes are used to exchange information with systems using different text and data representations (such as EBCDIC and ASCII).

  • Common data representation formats -the use of standard image, sound, and video formats (like JPEG, MPEG, and RealAudio) allow the interchange of application data between different types of computer systems.
  • Common data compression schemes - The use of standard data compression schemes (like WinZip or GZip) allows data that is compressed at the source device to be properly decompressed at the destination.
  • Common data encryption schemes - The use of standard data encryption schemes allows data encrypted at the source device to be properly unencrypted at the destination.


The session layer establishes, manages, and terminates communication sessions between presentation layer entities. Communication sessions consist of service requests and service responses that occur between applications located in different network devices. These requests and responses are coordinated by protocols implemented at the session layer.

For example, SQL is a Session layer application that manages multiple queries to the SQL database. It's what allows multiple people to log in to, say, the Intranet at the same time.



The transport layer implements reliable internetwork data transport services that are transparent to upper layers. Transport layer functions typically include the following:

  • Flow control - Flow control manages data transmission between devices so that the transmitting device does not send more data than the receiving device can process.
  • Sliding Window - This allows the receiving computer to dictate to the sending end how many packets the receiver is capable of receiving at one time.
  • Multiplexing - Multiplexing allows data from several applications to be transmitted onto a single physical link.
  • Virtual circuit management - Virtual circuits are established, maintained, and terminated by the transport layer.
  • Three-way handshake - The three-way handshake is a connection establishment protocol. First, host A sends a SYN segment to host B in order to check that host B gets ready for establishing a TCP connection. Second, when host B receives the SYN segment that host A sent and is ready to start the TCP session, it sends a SYN and ACK segment back to host A. This ACK advertises an arrival of the first SYN segment to host A. Finally, host A sends an ACK segment for the second SYN and ACK segment that host B sent.
  • Error checking and recovery - Error checking mechanisms for detecting transmission errors. Error recovery involves taking an action (such as requesting that data be retransmitted) to resolve any errors that occur.

The two most common Transport layer protocols are TCP and UDP.
Common Transport Layer Ports
21 FTP
22 SSH
23 telnet
53 DNS
110 POP3
143 IMAP

A complete Port List



The network layer provides routing and related functions that allow multiple data links to be combined into an internetwork. This is accomplished by the logical addressing (as opposed to the physical addressing) of devices. The network layer supports both connection-oriented and connectionless service from higher-layer protocols.

Common protocols on the Network layer are BGP and OSPF. RIP is another Network layer protocol, but is not used on larger networks because of its inefficiency.


Data Link

The data link layer is where the logical information (i.e., IP addresses) is translated into the actual electrical pulses that travel over the physical layer. Frame Relay, ATM, and DSL all work on the Data Link layer.

Different data link layer specifications define different network and protocol characteristics, including the following:

  • Physical addressing - Physical addressing (as opposed to network addressing) defines how devices are addressed at the data link layer.
  • Network topology - Data link layer specifications often define how devices are to be physically connected (such as in a bus or a ring topology).
  • Error notification - Error notification involves alerting upper layer protocols that a transmission error has occurred.
  • Sequencing of frames - Sequencing of data frames involves the reordering of frames that are transmitted out of sequence.
  • Flow control - Flow control involves moderating the transmission of data so that the receiving device is not overwhelmed with more traffic than it can handle at one time.

Logical Link Control Sub-layer

The Logical Link Control (LLC) sublayer of the data link layer manages communications between devices over a single link of a network. LLC is defined in the IEEE 802.2 specification. IEEE 802.2 defines a number of fields in data link layer frames that allow multiple higher-layer protocols to share a single physical data link. LLC supports both connectionless and connection-oriented services used by higher-layer protocols.

Media Access Control Sub-layer

The Media Access Control (MAC) sublayer of the data link layer manages protocol access to the physical network medium. The IEEE MAC specification defines MAC addresses, which allow multiple devices to uniquely identify one another at the data link layer.



The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems. Physical layer specifications define such characteristics as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, and the physical connectors to be used.

Common examples of things that work on the Physical layer are Fiber Optic cables, CAT5 (ethernet) cables, and Copper Twisted Pair.


Troubleshooting using the Seven-Layer Model

The key here is to think of the Internet like a giant Taco Bell seven-layer burrito...just kidding.

The whole point of the OSI model is to make our jobs easier through classification and dilineation of functions. Ultimately, the easiest way to use the seven-layer model is by figuring out what the user can do on the Net, then going up one layer and seeing if they can perform the functions that are supposed to be performed on that layer.

For example:

  • Is the router plugged in? What lights are on? If the router is not a) plugged in to the electrical outlet and b) plugged in to the ISDN jack, the user won't be able to ping.
  • If the user can ping but can't browse the internet, can the user visit a website by IP address? If the user's TCP configurations are incorrect, they will obviously not be able to translate a name to IP address, and therefore, won't be able to get mail, either.

Seven Layer Model Charts