There are two important facts about the OSI model to remember:
It is a conceptual model. That means it describes an idealized, abstract, theoretical group of networking functions. It does not describe anything that someone actually built (at least nothing that is in use today).
It is not the only model. There are other models, most notably the TCP/IP protocol suite (RFC-1122 and RFC-1123), which is much closer to what is currently in use.
A bit of history: You’ve probably all heard about the early days of packet networking, including ARPANET, the Internet’s predecessor. In addition to the U.S. Defense Department’s efforts to create networking protocols, several other groups and companies were involved as well. Each group was developing their own protocols in the brand new field of packet switching. IBM and the telephone companies were developing their own standards. In France, researchers were working on their own networking project called Cyclades.
Work on the OSI model began in the late 1970s, mostly as a reaction to the growing influence of big companies like IBM, NCR, Burroughs, Honeywell (and others) and their proprietary protocols and hardware. The idea behind it was to create an open standard that would provide interoperability between different manufacturers. But because the ISO model was international in scope, it had many competing political, cultural and technical interests. It took well over six years to come to consensus and publish the standards.
In the meanwhile, the TCP/IP model was also developed. It was simple, easy to implement, and most importantly, it was free. You had to purchase the OSI standard specifications to create software for it. All the attention and development efforts gravitated to TCP/IP. As a result, the OSI model was never commercially successful as a set of protocols, and TCP/IP became the standard for the Internet.
The point is, all of the protocols in use today, the TCP/IP suite; routing protocols like RIP, OSPF and BGP; and host OS protocols like Windows SMB and Unix RPC, were developed without the OSI model in mind. They sometimes bear some resemblance to it, but the OSI standards were never followed during their development. So it’s a fools errand to try to fit these protocols into OSI. They just don’t exactly fit.
That doesn’t mean the model has no value; it is still a good idea to study it so you can understand the general concepts. The concept of the OSI layers is so woven into network terminology, that we talk about layer 1, 2 and 3 in everyday networking speech. The definition of layers 1, 2 and 3 are, if you squint a bit, fairly well agreed upon. For that reason alone, it’s worth knowing.
The most important things to understand about the OSI (or any other) model are:
- We can divide up the protocols into layers
- Layers provide encapsulation
- Layers provide abstraction
- Layers decouple functions from others
Dividing the protocols into layers allows us to talk about their different aspects separately. It makes the protocols easier to understand and easier to troubleshoot. We can isolate specific functions easily, and group them with similar functions of other protocols.
Each “function” (broadly speaking) encapsulates the layer(s) above it. The network layer encapsulates the layers above it. The data link layer encapsulates the network layer, and so on.
Layers abstract the layers below it. Your web browser doesn’t need to know whether you’re using TCP/IP or something else at at the network layer (as if there were something else). To your browser, the lower layers just provide a stream of data. How that stream manages to show up is hidden from the browser. TCP/IP doesn’t know (or care) if you’re using Ethernet, a cable modem, a T1 line, or satellite. It just processes packets. Imagine how hard it would be to design an application that would have to deal with all of that. The layers abstract lower layers so software design and operation becomes much simpler.
Decoupling: In theory, you can substitute one specific technology for another at the same layer. As long as the layer communicates with the one above and the one below in the same way, it shouldn’t matter how it’s implemented. For example, we can remove the very well-known layer 3 protocol, IP version 4, and replace it with IP version 6. Everything else should work exactly the same. To your browser or your cable modem, it should make no difference.
The TCP/IP model is what TCP/IP protocol suite was based on (surprise!). It only has four layers, and everything above transport is just “application.” It is simpler to understand, and prevents endless questions like “Is this session layer or presentation layer?” But it too is just a model, and some things don’t fit well into it either, like tunneling protocols (GRE, MPLS, IPSec to name a few).
Ultimately, the models are a way of representing invisible abstract ideas like addresses and packets and bits. As long as you keep that in mind, the OSI or TCP/IP model can be useful in understanding networking.
First off the OSI model is a theoretical model, it doesn't nessacerally exactly match up with reality. Also generally layer models only show layers that actually add or remove something from the packet.
The following answer omits some minor details. Also some details may vary between operating systems, I have the most experiance with linux, some stuff may be different on other operating systems.
This answer also focuses on the basic set-up, many modern network controllers have "offload" features where features that were traditionally the responsibility of the OS kernel are taken over by the network controller.
The network controller is logically divided into two parts, the "MAC" and the "PHY". In some cases MAC and PHY may be integrated into the same chip.
The PHY does the following.
- Converting between the wire-level encoding and a stream of binary data units.
- Detecting when the line is busy (for half-duplex physical layers).
- Detecting the start and of incoming frames.
- Generating special wire-level encodings for the start and end of frames.
The MAC does the following.
- Translating between data streams at wire-rate and frames in a buffer that the OS can read/write.
- Generating/checking/stripping the preamble and FCS.
- Notifying the OS through interrupts when incoming frames have been delivered to the buffer.
- Implementing Medium access control if needed.
- Fitering incoming frames by destination MAC address.
The Kernel implements the following.
- Talking to the MAC (using a driver module).
- Building and interpreting Ethernet frames (minus the preamble and FCS).
- Implementing ARP (or ND for IPv6) to translate between IP and MAC addresses.
- Implementing building and interpretation of IP packets.
- Forwarding packets to the correct interface based on a routing table.
- Packet filtering, NAT etc.
- Major transport protocols like TCP and UDP.
- Some parts of ICMP.
Daemons and tools running outside the kernel but considered to be part of the OS implement.
- DHCP
- DNS cache (if used).
- Diagnostics like ping and traceroute.
- Configuration of kernel features.
Libraries loaded by the application are generally used to implement stuff that runs on top of TCP/UDP including:
Best Answer
tl;dr Many different devices can encounter multiple OSI levels. Whichever end point is requesting something from a layer 7 protocol (like HTTP), will use all 7 layers before putting it on the wire. Intermediate nodes, like routers and switches might only use up to the first 3 layers, firewalls or WAN accelerators can affect layer 4, load balancers do interesting things as well.
If you're interested in a more detailed answer, look below - I tried(?) to keep it fairly simple, and use a real world example.
For reference:
OSI Model
Source: TCP/IP Guide
What layers encapsulate the data depends on what generates the data. In general, de-encapsulation will only happen for what is relevant to the data's current place in the network (on a router, on a host, etc.)
By this I mean, if I'm a router, I don't care that there is an HTTP request buried in this packet if all I'm trying to do is route traffic via Layer 3 - I will only strip off enough headers to get what I need, do my job, and move on to the next packet.
We all use the internet everyday in some way, so here's what a typical HTTP request will look like, taking the OSI model into account. For simplicity's sake, we can assume the network is available and there aren't any problems.
NOTE: It's fair to mention that other things can interfere with the typical behavior (firewalls, NAT/PAT, ACL's, etc.) But it's best to have a very solid understanding of where all the encapsulation and de-encapsulation is taking place to understand how those affect the network and the traffic.