RHCSA: OSI Model

Each layer in the OSI seven-layer model defines an important function in computer networking, and the protocols that operate at that layer offer solutions to those functions.

Protocols are sets of clearly defined rules, regulations, standards, and procedures that enable hardware and software developers to make devices and applications that function properly at a particular level. The OSI seven-layer model is a theoretical model (never used in real implementations) which encourages modular design in networking, meaning that each layer has as little to do with the operation of other layers as possible. 

Layers are hierarchical. Each layer on the model trusts that the other layers on the model do their jobs. The OSI seven layers are:

• Layer 7 Application
• Layer 6 Presentation
• Layer 5 Session
• Layer 4 Transport
• Layer 3 Network
• Layer 2 Data Link
• Layer 1 Physical

To memorize the layers one can use the phase “Please Do Not Throw Sausage Pizza Away.”

TCP/IP Protocol Layers (from Microsoft/TCP-IP Protocol Architecture)

The OSI seven layers are just a conceptual some that helps in several areas such as troubleshooting. Some protocols fit neatly into one of the seven layers, while others don't. We will study TCP layers later and they have only partial correspondence to OSI layers.

Layer l of the OSI model

Layer l of the OSI model defines the method of moving data between computers, so the cabling and central box are part of the Physical layer (Layer 1). Anything that moves data from one system to another, such as copper cabling, fiber optics, even radio waves, is part of the OSI Physical layer. Layer l doesn’t care what data goes through; it just moves the data from one system to another system.

Clearly the network needs a physical channel through which it can move bits of data between systems. This cable, known in the networking industry as unshielded twisted pair (UTP), usually contains four pairs of wires that can transmit and receive data.

Another key piece of hardware the network uses is a special box-like device called a switch often tucked away in a closet or the sever room. Each server in the network has set of cables which run to one of the switches.  Cable connects to what is called networking connector on the network interface card.

The real magic starts with the network interface card, or NIC (pronounced “nick”), which serves as the interface between the PC and the network. NICs come in a wide array of shapes and sizes.  Some are on the motherboard some are separate PCI cards.

On older systems, a NIC truly was a separate card with a single interface, which was snapped into PCI slot, which is why they were called network interface cards. Even though they’re now most often are built into the motherboard, they are still called NICs.

If you put an oscilloscope on the wire to measure voltage, you’d see something like a string of ones and zeroes is moving across the wire

Data Link(Layer 2)

Data link layers is that layer of NIC card.

All networks transmit data by breaking whatever is moving across the Physical layer (files, print jobs, Web pages, and so forth) into discrete chunks called frames. A frame is basically a container for a chunk of data moving across a network. The NIC creates and sends, as well as receives and reads, these frames.

If you visualize networking as electronic analog of Us postal system, NIC corresponds to the postal box to which postman put envelopes and takes envelopes addresses to some remote recipients.

MAC addresses

There is some analogy between Ethernet network and phone network.  The Ethernet network provides a mechanism that gives each system a unique identifier—like a telephone number—so data are delivered to the right system. That’s one of the NIC’s most important jobs. Inside every NIC, burned onto some type of ROM chip, is special firmware containing a unique identifier with a 48-bit value called the media access control address, or MAC address.

No two NICs ever share the same MAC address—ever. Any company that makes NICs must contact the Institute of Electrical and Electronics Engineers (IEEE) and request a block of MAC addresses, which the company then burns into the ROMs on its NICs. Many NIC makers also print the MAC address on the surface of each NIC, as shown in Note that the NIC shown here displays the MAC address in hexadecimal notation. Count the number of hex characters—because each hex character represents 4 bits, it takes 12 hex characters to represent 48 bits.

[127] d620@ROOT:~ # ip addr show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp9s0:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:1c:23:06:cb:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.23/24 brd 192.168.5.255 scope global noprefixroute dynamic enp9s0
       valid_lft 86142sec preferred_lft 86142sec
    inet6 fe80::4dcf:908b:d93f:808d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlp12s0:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ca:1b:37:7a:44:04 brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:69:a0:f5:4d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever

In print, we represent the MAC address as 00:1c:23:06:cb:e7. The first six digits, in this example 00:1c:23, represent the number of the NIC manufacturer. Once the IEEE issues those six hex digits to a manufacturer—often referred to as the organizationally unique identifier (OUI)—no other manufacturer may use them. The last six digits, in this example 60–7D–49, are the manufacturer’s unique serial number for that NIC; this portion of the MAC is often referred to as the device ID.

On windows system, you can type ipconfig /all from a command prompt to display the MAC address. Note that ipconfig calls the MAC address the physical address, which is an important distinction as IP address is considered to be logical.

TIP The Institute of Electrical and Electronics Engineers (IEEE) forms MAC addresses from a numbering name space originally called MAC-48, which simply means that the MAC address will be 48 bits, with the first 24 bits defining the OUI, just as described here. The current term for this numbering name space is EUI-48. EUI stands for Extended Unique Identifier. (IEEE apparently went with the new term because they could trademark it.) Most techs still call them MAC addresses.

I like to visualize an imaginary table inside every NIC that acts as a frame creation and reading station. I see frames as those pneumatic canisters you see when you go to a drive-in teller at a bank. A little guy inside the network card—named Nic, naturally!—builds these pneumatic canisters (the frames) on the table and then shoots them out on the wire to the hub

Even though a frame is a string of ones and zeroes, it can centran logical structure and consists of many filed. The frame begins with the MAC address of the NIC to which the data is to be sent, followed by the MAC address of the sending NIC. Then comes the data, followed by a special bit of checking information called the frame check sequence (FCS). The FCS uses a type of binary math called a cyclic redundancy check (CRC) that the receiving NIC uses to verify that the data were transmitted correctly.

The data may be arbitrary, such  as a piece of a print job, or part of a Web page. NICs aren’t concerned with content! The NIC simply takes whatever data is passed to it via its device driver and addresses it for the correct system. Special software will take care of what data gets sent and what happens to that data when it arrives.

Like a canister, a frame can hold only a certain amount of data. Different networks use different sizes of frames, but a single Ethernet frame usually holds has the length of  1500.

This raises a new question: what happens when the data to be sent is larger than the frame size? Well, the sending system’s software must chop the data up into nice, frame-sized chunks, which it then hands to the NIC for sending. As the receiving system begins to accept the incoming frames, the receiving system’s software recombines the data chunks as they come in from the network. I’ll show how this disassembling and reassembling is done in a moment—first, let’s see how the frames get to the right system!

When a system sends a frame out on the network, the frame goes into the hub. The hub, in turn, makes an exact copy of that frame, sending a copy of the original frame to every other system on the network. The interesting part of this process is when the copy of the frame comes into all the other systems. I like to visualize a frame sliding onto the receiving NIC’s “frame assembly table,” where the electronics of the NIC inspect it. Here’s where the magic takes place: only the NIC to which the frame is addressed will process that frame—the other NICs simply erase it when they see that it is not addressed to their MAC address.

This is important to understand: every frame sent on a network is received by every NIC, but only the NIC with the matching MAC address will process that particular frame

NOTE Most FCSs are only 4 bytes long, yet the average frame carries around 1500 bytes of data. How can 4 bytes tell you if all 1500 bytes in the data are correct? That’s the magic of the math of the CRC. Without going into the grinding details, think of the CRC as just the remainder of a division problem. (Remember learning remainders from division back in elementary school?) The NIC sending the frame does a little math to make the CRC. Using binary arithmetic, it works a division problem on the data using a divisor called a key. The result of this division is the CRC. When the frame gets to the receiving NIC, it divides the data by the same key. If the receiving NIC’s answer is the same as the CRC, it knows the data is good.

Getting the Data on the Line

The process of getting data onto the wire and then picking that data off the wire is amazingly complicated. For instance, what happens to keep two NICs from speaking at the same time? Because all the data sent by one NIC is read by every other NIC on the network, only one system may speak at a time. Networks use frames to restrict the amount of data a NIC can send at once, giving all NICs a chance to send data over the network in a reasonable span of time. Dealing with this and many other issues requires sophisticated electronics, but the NICs handle these issues completely on their own without our help. Thankfully, the folks who design NICs worry about all these details, so we don’t have to!

Using the MAC address is a great way to move data around, but this process raises an important question. How does a sending NIC know the MAC address of the NIC to which it’s sending the data? In most cases, the sending system already knows the destination MAC address because the NICs had probably communicated earlier, and each system stores that data. If it doesn’t already know the MAC address, a NIC may send a broadcast onto the network to ask for it. The MAC address of FF-FF-FF-FF-FF-FF is the broadcast address—if a NIC sends a frame using the broadcast address, every single NIC on the network will process that frame. That broadcast frame’s data will contain a request for a system’s MAC address. Without knowing the MAC address to begin with, the requesting computer will use an IP address or host name to pick the target computer out of the crowd. The system with the MAC address your system is seeking will read the request in the broadcast packet and respond with its MAC address.

The Complete Frame Movement

Now that you’ve seen all the pieces used to send and receive frames, let’s put these pieces together and see how a frame gets from one system to another. The basic send/receive process is as follows.

First, the sending system’s network operating system (NOS) software—such as Windows 7—hands some data to its NIC. The NIC builds a frame to transport that data to the receiving NIC

After the NIC creates the frame, it adds the FCS, and then dumps it and the data into the frame

Next, the NIC puts both the destination MAC address and its own MAC address onto the frame. It waits until no other NIC is using the cable, and then sends the frame through the cable to the network

The frame propagates down the wire into the hub, which creates copies of the frame and sends it to every other system on the network. Every NIC receives the frame and checks the MAC address. If a NIC finds that a frame is addressed to it, it processes the frame; if the frame is not addressed to it, the NIC erases it.

So, what happens to the data when it gets to the correct NIC? First, the receiving NIC uses the FCS to verify that the data is valid. If it is, the receiving NIC strips off all the framing information and sends the data to the software—the network operating system—for processing. The receiving NIC doesn’t care what the software does with the data; its job stops the moment it passes on the data to the software.

Any device that deals with a MAC address is part of the OSI Data Link layer, or Layer 2 of the OSI model. Let’s update the OSI model to include details about the Data Link layer

The Two Aspects of NICs

Consider how data moves in and out of a NIC. On one end, frames move into and out of the NIC’s network cable connection. On the other end, data moves back and forth between the NIC and the network operating system software. The many steps a NIC performs to keep this data moving—sending and receiving frames over the wire, creating outgoing frames, reading incoming frames, and attaching MAC addresses—are classically broken down into two distinct jobs.

The first job is called the Logical Link Control (LLC). The LLC is the aspect of the NIC that talks to the operating system, places data coming from the software into frames, and creates the CRC on each frame. The LLC is also responsible for dealing with incoming frames: processing those that are addressed to this NIC and erasing frames addressed to other machines on the network.

The second job is called the Media Access Control (MAC), and I bet you can guess what it does! That’s right—it remembers the NIC’s own MAC address and attaches MAC addresses to the frames. Recall that each frame the LLC creates must include both the sender’s and recipient’s MAC addresses. The MAC also ensures that the frames, now complete with their MAC addresses, are then sent along the network cabling.

NIC and Layers

Most networking materials that describe the OSI seven-layer model put NICs squarely into the Data Link layer of the model. It’s at the MAC sublayer, after all, that data gets encapsulated into a frame, destination and source MAC addresses get added to that frame, and error checking occurs. What bothers most students with placing NICs solely in the Data Link layer is the obvious other duty of the NIC—putting the ones and zeroes on the network cable. How much more physical can you get?

Many teachers will finesse this issue by defining the Physical layer in its logical sense—that it defines the rules for the ones and zeroes—and then ignore the fact that the data sent on the cable has to come from something. The first question when you hear a statement like that—at least to me—is, “What component does the sending?” It’s the NIC, of course, the only device capable of sending and receiving the physical signal.

Network cards, therefore, operate at both Layer 2 and Layer 1 of the OSI seven-layer model. If cornered to answer one or the other, however, go with the more common answer, Layer 2.

Beyond the Single Wire—Network Software and Layers 3–7

Getting data from one system to another in a simple network (defined as one in which all the computers connect to one hub) takes relatively little effort on the part of the NICs. But one problem with simple networks is that computers need to broadcast to get MAC addresses. It works for small networks, but what happens when the network gets big, like the size of the entire Internet? Can you imagine millions of computers all broadcasting? No data could get through.

Large networks need a logical addressing method, like a postal code or telephone numbering scheme, that ignores the hardware and enables you to break up the entire large network into smaller networks called subnets.

To move past the physical MAC addresses and start using logical addressing requires some special software called a network protocol. Network protocols exist in every operating system. A network protocol not only has to create unique identifiers for each system, but also must create a set of communication rules for issues like how to handle data chopped up into multiple packets and how to ensure those packets get from one subnet to another. Let’s take a moment to learn a bit about the most famous network protocol—TCP/IP—and its unique universal addressing system.

To be accurate, TCP/IP is really several network protocols designed to work together—but two protocols, TCP and IP, do so much work that the folks who invented all these protocols named the whole thing TCP/IP. TCP stands for Transmission Control Protocol, and IP stands for Internet Protocol. IP is the network protocol I need to discuss first; rest assured, however, I’ll cover TCP in plenty of detail later.

IP—Playing on Layer 3, the Network Layer

At the Network layer, Layer 3, packets get created and addressed so they can go from one network to another. The Internet Protocol is the primary logical addressing protocol for TCP/IP. IP makes sure that a piece of data gets to where it needs to go on the network. It does this by giving each device on the network a unique numeric identifier called an IP address. An IP address is known as a logical address to distinguish it from the physical address, the MAC address of the NIC.

Packets Within Frames

For a TCP/IP network to send data successfully, the data must be wrapped up in two distinct containers. A frame of some type enables the data to move from one device to another. Inside that frame is both an IP-specific container that enables routers to determine where to send data—regardless of the physical connection type—and the data itself. In TCP/IP, that inner container is called a packet.

Once the packet reaches the destination subnet’s router, that router will strip off the incoming frame—no matter what type—look at the destination IP address, and then add a frame with the appropriate destination MAC address that matches the destination IP address.

The receiving NIC strips away the Ethernet frame and passes the remaining packet off to the software. The networking software built into your operating system handles all the rest of the work. The NIC’s driver software is the interconnection between the hardware and the software. The NIC driver knows how to communicate with the NIC to send and receive frames, but it can’t do anything with the packet. Instead, the NIC driver hands the packet off to other programs that know how to deal with all the separate packets and turn them into Web pages, e-mail messages, files, and so forth.

The Network layer (Layer 3) is the last layer that deals directly with hardware. All the other layers of the OSI seven-layer model work strictly within software.

Assembly and Disassembly—Layer 4, the Transport Layer

Because most chunks of data are much larger than a single packet, they must be chopped up before they can be sent across a network. When a serving computer receives a request for some data, it must be able to chop the requested data into chunks that will fit into a packet (and eventually into the NIC’s frame), organize the packets for the benefit of the receiving system, and hand them to the NIC for sending. The receiving system must be able to recognize a series of incoming packets as one data transmission, reassemble the packets correctly based on information included in the packets by the sending system, and verify that all the packets for that piece of data arrived in good shape.

This part is relatively simple—the transport protocol breaks up the data into packets and gives each packet some type of sequence number. I like to compare this process to the one that my favorite international shipping company uses. I receive boxes from UPS almost every day; in fact, some days I receive many, many boxes from UPS. To make sure I get all the boxes for one shipment, UPS puts a numbering system, like the one shown in, on the label of each box. A computer sending data on a network does the same thing. Embedded into the data of each packet is a sequencing number. By reading the sequencing numbers, the receiving system knows both the total number of packets and how to put them back together.

NOTE A lot of things happen on a TCP/IP network at the Transport layer. I’m simplifying here because the TCP/IP model does a way better job explaining each thing than does the OSI model.

Layer 5, the Session layer of the OSI seven-layer model, handles all the sessions for a system. The Session layer initiates sessions, accepts incoming sessions, and opens and closes existing sessions. The Session layer also keeps track of computer naming conventions, such as calling your computer SYSTEM01 or some other type of name that makes more sense than an IP or MAC address.

Layer 6, the Presentation layer of the OSI seven-layer model, handles the conversion of data into formats that are readable by the system. Of all the OSI layers, the high level of file format standardization has made the Presentation layer the least important and least used.

This is the level on which  various file formats emerge.  Specialized file formats, such as Adobe’s popular Portable Document Format (PDF) for documents and PostScript for printing, provide standard formats that any OS can read, write, and edit

Network Applications—Layer 7, the Application Layer

The last and most visible part of any network is the software applications that use it. If you want to copy a file residing on another system in your network, you need an application like Network in Windows 7 (or My Network Places in earlier versions of Windows) that enables you to access files on remote systems. If you want to view Web pages, you need a Web browser like Internet Explorer or Mozilla Firefox. The people who use a network experience it through an application. A user who knows nothing about all the other parts of a network may still know how to open an e-mail application to retrieve mail

Applications may include a number of additional functions, such as encryption, user authentication, and tools to control the look of the data. But these functions are specific to the given applications. In other words, if you want to put a password on your Word document, you must use the password functions in Word to do so.

The Application layer is Layer 7 in the OSI seven-layer model. Keep in mind that the Application layer doesn’t refer to the applications themselves. It refers to the code built into all operating systems that enables network-aware applications. All operating systems have Application Programming Interfaces (APIs) that programmers can use to make their programs network aware. An API, in general, provides a standard way for programmers to enhance or extend an application’s capabilities.