From an Idea to Ones and Zeros: Understanding the OSI Model

I recently discussed the OSI model and the differences between switches and routers with a friend who is currently studying networking. She suggested I write a blog post on the subject, so here goes!

In networking, the OSI (Open Systems Interconnection) model is a fundamental theoretical framework, along with the TCP/IP Model, about transferring data between two hosts in a network. Despite its widespread use as a reference model, the OSI model can be challenging to grasp for those new to the field. To demystify the concept, I will draw parallels to the process of human communication and explore how an email message travels from a sender to the recipient, while it gets encapsulated first down the seven layers of the OSI model at the sender's side and then decapsulated up the same layers at the recipient's side. As the OSI model is a theoretical framework for abstracting the different tasks involved in transferring data between two hosts, data moves on each layer vertically from the sender to the receiver, but encapsulation and decapsulation happen horizontally as ultimately data can only be sent over the physical medium, represented at the bottom of the model. Each respective layer also depends on all the layers below it for the communication to occur.

Data Transfer and Encapsulation/Decapsulation in OSI Model


The Post Office

My analogy is the post office. We communicate to transfer ideas to each other and sometimes we even send letters. Consider a person A in Finland sending a letter to person B in Sweden.

Layer 7: Application

Person A writes the letter. The message is created at the Application Layer. Just as person A decides the content of their letter based on what they want to communicate, applications decide the data to be sent over the network.

Layer 6: Presentation

Person A decides to write their letter in Swedish, knowing Person B understands it. This is akin to the Presentation Layer, which translates data into a format the receiving application can understand. It’s about encoding the message in a common language or format.

Layer 5: Session

Before sending the letter, Person A puts it in an envelope and writes "For Person B" on the envelope establishing a private communication session. In the OSI model, the Session Layer establishes, manages, and terminates connections between applications, ensuring the message is directed to and can be opened by the intended recipient.

Layer 4: Transport

Person A decides to send the letter via registered mail to ensure it arrives safely. This is like using the TCP protocol at the Transport Layer, which is responsible for delivering messages reliably and in order. It’s like choosing registered mail to track the letter and confirm its delivery.

Layer 3: Network

At the post office, the clerk checks the address and decides to route the letter through Stockholm because it’s the most efficient path to Person B's address. Similarly, the Network Layer determines the path data takes across the network, routing it from sender to receiver across multiple nodes if necessary.

Layer 2: Data Link

The letter is placed in a mailbag tagged for Stockholm. This is like the Data Link Layer, where data packets are framed for transmission, addressed to the next directly connected node. The mailbag's tag ensures the letter makes it to the next point on its journey to Sweden, just as data link protocols ensure data reaches the next device in the network.

Layer 1: Physical

The mailbag is loaded onto a truck and then a plane, physically moving towards Person B. This represents the Physical Layer, where the actual transmission media carry the data. The trucks and planes are akin to the cables and radio waves that carry digital data across the physical network.

When Person B receives the letter, the process is reversed. The mailman delivers the letter to Person B's mail box, where Person B finds it. They open the envelope (Session Layer), read the letter in Swedish (Presentation Layer), and understand the message (Application Layer). This journey, from Person A to Person B, encapsulates the OSI model's layers in the context of sending a letter from Finland to Sweden, demonstrating how each layer contributes to the successful delivery of the message.

OSI Model is Like the Post Office as Both Deliver Messages in a Network


Matryoshka dolls

Another analogy I have is the Matryoshka dolls, where the innermost doll is the Application Layer message to be sent, which then gets put into a Presentation Layer doll, which goes into a Session Layer doll, which goes into a Transport Layer doll (a TCP packet), which goes into a Network Layer doll (IP packet), which goes into a Data Link doll (Ethernet Frame), which gets passed on to someone else in the network. The next person who gets the doll opens the nested dolls far enough to know what to do with them. At the Data Link Layer, it is enough for a switch to check the first doll to find the MAC address it needs to send the dolls forward. At the Network Layer the router needs to open them far enough to find the recipient IP address, etc. When the final recipient receives the dolls, they will open all of them to find the innermost doll, which contains the transmitted message. This analogy isn’t perfect either, but it gives a simple visual representation of how encapsulation and decapsulation work, adding headers and trailers to the data for transmission, and how the network devices only need these parts to fulfill their tasks.

OSI Model is like a Stack of Nested Matryoshka Dolls



Let us next go through a simplified example of encapsulation/decapsulation through considering sending an email from one host to another following the OSI model. While data moves vertically in the model from the sender to the recipient, encapsulation happens first horizontally from Layer 7 down to Layer 1 on the sending side and then decapsulation happens in reverse from Layer 1 up to Layer 7 on the receiving side. You can see an animation in the below video of how encapsulation/decapsulation and data transfer happen in the model.



Encapsulation

Layer 7, Application Layer, Sender

At the application layer, different application-level protocols are used to transfer the data. In case of email the options are SMTP, IMAP, and POP3 and their TLS/SSL encrypted alternatives. At the application level the choice is also made whether to encrypt the email message using S/MIME.

At this level the user interacts with the email client software to select the various options, compose the message, and click "Send."

The encapsulation process, required for sending the data to the receiver, begins here.

Layer 6, Presentation Layer, Sender

The encapsulation of the message proceeds at the Presentation layer, where the message is saved into a message file that can be sent to the receiving system. Any encoding or compression required is applied at this layer.

Note: TLS/SSL does not neatly fit into the OSI model and while for example TLS stands for “Transport Layer Security”, its various activities happen on different layers on top of the Network Layer. The different parts of the handshake and negotiation between the sender and the recipient on the parameters to use for example can be argued to be happening on any of the Application, Presentation, and Session Layers. The point here is not to take part in this argument, but to explain at a high level how the different OSI model layers work.

Layer 5, Session Layer, Sender

At the Session layer, the session for delivering the data to the recipient is created. When TLS/SSL encryption is used, the SSL handshake and the establishment and management of the encrypted channel between the sender and recipient are characteristic of the Session Layer.

Layer 4, Transport Layer, Sender

The Transport layer uses a protocol like TCP (Transmission Control Protocol) to break down the data on the Session Layer into segments and to manage the end-to-end connectivity, flow control, and packet level error correction between the two hosts for the delivery of the file. TCP segment headers are added, including sequence numbers so the recipient can reassemble the TCP packets in the correct order. TCP also requires acknowledgments from the recipient that the packets are received and it resends any that fail to transfer. However, while the Transport Layer manages and enables the end-to-end connectivity between applications on different hosts, the actual "direct" data transfer between the hosts happens on the lower levels of the OSI model.

Note: UDP is another protocol commonly used at this layer for e.g. streaming services, because it lacks error correction and prioritizes speed over reliability.

Layer 3, Network Layer, Sender

The Network layer manages the delivery of TCP packets to the email server across various routers on the internet using the IP protocol. The sending host decides, based on the IP Address and Network Mask, if the recipient is in the same IP subnet with the sender or not. If it isn’t, the "Default Gateway" is used, which is a router, connected to the IP subnet, that forwards the packets based on its routing table and the protocols available to it for determining the best path. As each packet is routed individually, they may take different paths across the network, but will eventually find the same recipient.

Layer 2, Data Link Layer, Sender

The Data Link layer places the IP packet inside an Ethernet frame, including the sending and receiving host MAC addresses. Each host in an Ethernet network maintains an ARP (Address Resolution Protocol) table of the other hosts in the IP subnets it is connected to. The sending host will check the recipient MAC address in its ARP table (the end recipient MAC address if it is in the same subnet, or otherwise the default gateway router MAC address is used) and add it to the Ethernet frame. The router or another computer can be connected to the sending host directly through a connecting cable, via a wireless network, or via a Switch. Switches are devices that operate on the Data Link layer connecting multiple devices together in the same subnet.

Switches maintain forwarding tables of MAC addresses they see behind each of their physical Ethernet ports, and they receive and forward Ethernet frames based on the destination MAC addresses they see in the Ethernet frames.

Layer 1, Physical Layer, Sender

At the Physical layer, the data is transmitted as ones and zeros, or bits, over the physical medium (e.g., Ethernet cable, Wi-Fi, or fiber optics) to the recipient. Ones and zeros are represented by voltage changes on the copper wire, blinking an LED light on a fiber optic cable, or on radio frequencies in case of wireless networks. The recipient's network card interprets the sequence of bits to reconstruct the Ethernet frame.


Decapsulation

The process is then reversed in decapsulating the email message at the recipient's side, moving up from the Physical layer to the Application layer, where the email software notifies the recipient of the new email.


Layer 1, Physical Layer, Recipient

At the Physical layer, the recipient receives the string of bits on the physical medium and interprets them to produce the Ethernet frame.

Layer 2, Data Link Layer, Recipient

At the Data Link layer, the recipient receives the Ethernet frame. If the recipient is a switch, it checks the intended recipient's MAC address in the Ethernet frame, consults its forwarding table to find which port the recipient MAC address is behind, and forwards the frame to the device behind that port. If the device is a router or another host in the network, it checks that the recipient MAC address belongs to itself.

Layer 3, Network Layer, Recipient

At the Network layer, if the packet is received by a router, it checks if the intended recipient IP address is in any of the subnets it has direct access to. If the router has access to the required subnet, it will send the IP packet to the final recipient. If the final recipient can't be reached, it will send a notification about the failure back to the sender. If the router doesn't have access to the required network, it will use a routing protocol to forward the IP packet to another router. If the recipient is a host computer or a server, it checks the IP address in the IP packet to ensure that the packet is intended for itself.

Layer 4, Transport Layer, Recipient

At the Transport Layer, the TCP packets are reassembled to form the original data.

Layer 5, Session Layer, Recipient

At the Session Layer, the recipient receives the data from the sending side over the communication channel, the session, they have open. If TLS/SSL encryption is used, the recipient decrypts the data.

Layer 6, Presentation Layer, Recipient

At the Presentation layer, the email software applies any decompression and decoding required to recover the Application data. The email file is recovered.

Layer 7, Application Layer, Recipient

At the Application Layer, the email software alerts the recipient that a new email has been received and presents the message to the user, removing the S/MIME encryption, if it is applied.
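The encapsulation and decapsulation steps above, as an added example that is not part of the original article: it builds Ethernet/IPv4/TCP frames for a message, then shows a switch reading only the destination MAC, a router reading the destination IP, and the recipient reassembling out-of-order segments. The addresses, ARP table and source port are constructed; headers are simplified (checksums left at zero, sequence numbers counted as byte offsets from zero).

```python
import ipaddress
import struct

# Constructed sample addresses (assumptions for this example, not from the article).
SRC_IP, SRC_MAC = ipaddress.ip_address("192.168.1.10"), "aa:aa:aa:aa:aa:10"
SUBNET, GATEWAY = ipaddress.ip_network("192.168.1.0/24"), "192.168.1.1"
ARP_TABLE = {"192.168.1.1": "aa:aa:aa:aa:aa:01", "192.168.1.20": "aa:aa:aa:aa:aa:20"}

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def next_hop(dst_ip):
    """Layer 3 decision: same subnet means direct delivery, otherwise the default gateway."""
    return dst_ip if ipaddress.ip_address(dst_ip) in SUBNET else GATEWAY

def encapsulate(data, dst_ip, dport, mss=8):
    """Layers 4 to 2: split data into TCP segments, wrap each in IPv4, then Ethernet."""
    frames = []
    for seq in range(0, len(data), mss):
        # Simplified TCP header: ports, sequence number, data offset 5; checksum left 0.
        tcp = struct.pack("!HHIIHHHH", 49152, dport, seq, 0, 5 << 12, 0, 0, 0) + data[seq:seq + mss]
        # Simplified IPv4 header: version/IHL 0x45, TTL 64, protocol 6 (TCP); checksum left 0.
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         SRC_IP.packed, ipaddress.ip_address(dst_ip).packed) + tcp
        # Ethernet header: destination MAC of the next hop (from the ARP table), EtherType IPv4.
        eth = mac(ARP_TABLE[next_hop(dst_ip)]) + mac(SRC_MAC) + struct.pack("!H", 0x0800)
        frames.append(eth + ip)
    return frames

def switch_view(frame):
    """A switch opens only the outermost doll: the destination MAC address."""
    return frame[:6].hex(":")

def router_view(frame):
    """A router removes the Ethernet header and reads the destination IP address."""
    return str(ipaddress.ip_address(frame[14:][16:20]))

def host_decapsulate(frames):
    """The recipient opens every layer and reorders segments by sequence number."""
    segments = {}
    for frame in frames:
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        seq = struct.unpack("!I", tcp[4:8])[0]
        segments[seq] = tcp[(tcp[12] >> 4) * 4:]
    return b"".join(segments[s] for s in sorted(segments))

if __name__ == "__main__":
    frames = encapsulate(b"Hello from Finland to Sweden", "203.0.113.25", 25)
    print(switch_view(frames[0]), router_view(frames[0]), host_decapsulate(frames[::-1]))
```

For a destination outside the sender's subnet the frame carries the gateway's MAC but the final recipient's IP, which is why the switch and the router each act on a different header of the same frame.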


Conclusion

As we can see in this illustration, the email is sent directly on the Application layer, but this is still impossible without all the other layers, because the raw data can only be delivered over the physical medium and therefore has to be converted into ones and zeros that can be transmitted using voltage differences on a copper wire, a blinking light on a fiber optic, or radio frequencies in the air. The different layers of the OSI model conceptualize this, and the different protocols on the various layers are for making that happen.

Abstraction means that we don’t need to care how things happen below the level we are working on. When everything works, we don’t need to care on the application layer how the email is encrypted, how the session is created, how the routing works, or how the switches are configured for the message to get delivered. But if a switch breaks down on layer 2, nothing works on top of it. Likewise, if a TLS/SSL certificate expires, the routing and everything below the session layer will work just fine, but an encrypted session won’t be created as the hosts won’t be able to establish trust, and therefore the communication on the presentation and application layers won’t work.

The main message here is that because of this abstraction, in the model data moves directly on each layer, but physically it won’t move unless there is an actual physical connection, and therefore all data must be converted to ones and zeros so that it can be sent. Encapsulation is about changing the high-level data into ones and zeros that can be transmitted in the network, and decapsulation is about changing those ones and zeros back to the high-level data that we care about.

More articles by Petteri Nakamura