OSI Model – Physical Location of the Layers Explained

osi

Hi Cisco student/newbie here!

I understand that data passes down through the OSI model and then at the physical layer is transported as bits across the networkcables. But I'm confused at exactly where the layers are happening (in the PC, in the router etc ?). Does the processes at layers 7-2 happen in a PC before the data goes out on the cables as per layer 1? That doesn't sound right, as I know switches operate at layer 2 and routers at layer 3. But then wouldn't the data have already needed to go out on the cables to get to the switch or router? Thanks 🙂

Best Answer

tl;dr Many different devices can encounter multiple OSI levels. Whichever end point is requesting something from a layer 7 protocol (like HTTP), will use all 7 layers before putting it on the wire. Intermediate nodes, like routers and switches might only use up to the first 3 layers, firewalls or WAN accelerators can affect layer 4, load balancers do interesting things as well.

If you're interested in a more detailed answer, look below - I tried(?) to keep it fairly simple, and use a real world example.

For reference:

OSI Model

OSI Model

Source: TCP/IP Guide

What layers encapsulate the data depends on what generates the data. In general, de-encapsulation will only happen for what is relevant to the data's current place in the network (on a router, on a host, etc.)

By this I mean, if I'm a router, I don't care that there is an HTTP request buried in this packet if all I'm trying to do is route traffic via Layer 3 - I will only strip off enough headers to get what I need, do my job, and move on to the next packet.

We all use the internet everyday in some way, so here's what a typical HTTP request will look like, taking the OSI model into account. For simplicity's sake, we can assume the network is available and there aren't any problems.

  1. I type "http://google.com" into a browser, and hit enter.
  2. [Layer 7] Your PC/Server will generate an HTTP GET request to send toward your specified webserver, in this case we're talking about google.com. So if you look above, we have that GET request, which is considered "data". HTTP is a layer 7 protocol, we're going to add that header. Because there is nothing else to do at this layer, lets pass it down to layer 6.
  3. [Layer 6] We can think of layer 6 as how the data should be formatted, for a website nothing is really going to happen here, but an administrator/developer/engineer could do something with this if they chose to. Our PC/Server is still going to add a header on top of the layer 7 (HTTP) header, and send it down to layer 5.
  4. [Layer 5] At this point because our PC/Server knows we're trying to contact a webserver, we need to make this request in a format the application as a whole can understand, for this we use an Application Program Interface (API). This is what manages the applications session, this is so the web server will know what "stream" the data is a part of. Let's add our layer 5 header, and pass it down to Layer 4.
  5. [Layer 4] Network engineers care about all data, but this is where it starts to get very specific for us. Layer 4 is our transport layer, this is where we decide how our data gets there, not the path, but how - i.e. TCP or UDP. In this case, our PC/Server needs to establish a connection with the web server. I'm going to skip over some things for simplicity, but this is where your typical TCP 3-way handshake would happen. We encapsulate what we currently have in a TCP header, this contains things like source and destination port numbers, sequence and acknowledgment numbers, and TCP windowing information.
  6. [Layer 3] Here's the other layer we as engineers really care about, the network layer. This is where packets are addressed to their destinations, we need IP addresses to get to places on a network. Our PC/Server will add its source and destination IP address. Not only will the packets get to the right destination, but that endpoint will use our source IP address to send it back to us when it needs to send us data of any kind. Now, something to note here is that even PCs/Servers can have multiple interfaces, so we need to send the data to the correct place. Our PC/Server will have a routing table just like routers, typically if your a host of some kind, your packets will be routed to your default gateway in the hopes that it will know how to get the packet to its destination. Lets add that IP header and hand it off to the data link layer.
  7. [Layer 2] Our PC/Server's network interface card (NIC), doesn't know how to speak IP on its own, so it uses media access control (MAC) addresses to move that data. Your PC/Server is going to have ARP entries for each IP it can reach, so in this case its going to have an entry for your default gateway. Your gateways IP address, will correlate to a destination MAC address. So let's add our L2 header that destination MAC address, this header also contains our PC/Server NIC's MAC address as the source. Now we have everything we need to put that data onto the wire as bits.
  8. [Layer 1] As you mentioned in your question, this is where the data flows over the wire, it's where we see the raw 1's and 0's. Now there isn't a Layer 1 header per se, if you look at the diagram on layer 2 you'll see that. The data that is up until now which has all of the headers from L7 down to L2, will be converted to those 1's and 0's.
  9. Now we have bits on the wire, on it's way to your gateway router. Up until this point, your PC/Server has done ALL of the work encapsulating the data that bound for google.com's web server.

OSI-at-L3

  1. [Layer 1] Now your gateway router receives the 1's and 0's. The NIC (interface) on the router gets that data and basically says "I have no idea how to read this!" and brings it up to layer 2 so it can read the data.
  2. [Layer 2] The gateway router now inspects the L2 frame, it says "okay cool you came from this MAC, neat. I see your destination MAC was set to my MAC address, so I am allowed to keep doing the work. It will de-encapsulate the L2 header so it can get a look at the IP header (layer 3).
  3. [Layer 3] Your gateway router is going to look at the source and destination IP address now. It says "Okay, you came from this source, cool. Your destination is this IP address. Hmm I don't own this IP address, but I know who does." It will lookup a route for the destination IP address (google.com) in its routing table and use that entry.
  4. After all of this, the same general process repeats. It will check what interface it needs to send the packet, use that interfaces MAC address, turn it to bits and send it. The next router will do the same thing, and so on. In general these packets will only be stripped back down to the layer 7 when it reach its final destination. As I mentioned before, the routers only care about getting the packets to their destination, so it is only going to care about Layer 3, so it won't have a reason to look at anything else besides what it needs to in order to get to that information. So it will see L1/L2/L3 information, but nothing else.
  5. Eventually the data will hopefully get to the destination web-server and at that point the data will have its outer layers stripped all the way down to the HTTP header for the web server to read, and do whatever is necessary to process that request.

NOTE: It's fair to mention that other things can interfere with the typical behavior (firewalls, NAT/PAT, ACL's, etc.) But it's best to have a very solid understanding of where all the encapsulation and de-encapsulation is taking place to understand how those affect the network and the traffic.

Related Topic