Appendix C

The OSI Reference Model

As with any emerging technology, the early days of networking were characterized by strictly proprietary hardware and software. No one agreed on any particular method of building and implementing networks. That meant choices for suppliers were limited.

You could choose to buy your network from IBM, DEC, Burroughs, or a few others. This decision was momentous because after purchasing components from one manufacturer, you were locked in. No one else's equipment or software would work with yours. You had to buy everything from the original vendor, and if they didn't happen to make a product that you really, truly needed, you were just out of luck.

To cut across this entirely proprietary universe, the International Organization for Standardization developed a standard to make possible open systems that could communicate with one another no matter who manufactured them. Today, many proprietary systems still exist, and they don't always communicate with one another as well as we might hope, but they do have the Open Systems Interconnection (OSI) reference model in common. This model provides a framework for depicting the organization of network components and can give you a clearer picture of how these components relate to one another.

The OSI reference model is made up of seven layers. Each layer has its job to do and has to relate only to the layers directly on either side of it. The layers are shown in Figure C-1. From the bottom up, they are as follows:

• Physical
• Data link
• Network
• Transport
• Session
• Presentation
• Application

Figure C-1. Layers of the OSI reference model.

Each layer in a network communication model assumes that it's speaking to the same layer on another machine and uses a common protocol. The collection of protocols is called a protocol stack.

Physical Layer

The physical layer deals with how the data signals are transmitted on the network cable or other transmission medium. The physical layer handles the mechanical and electrical procedures and is oblivious to whether the signal is made up of digital bits or is in analog form. Parts of the physical layer include the type of cabling and the network interface card (NIC).

Data Link Layer

The data link layer is the first layer that handles the packet as such. It groups bits that have been organized into low-level logical units called frames. It then waits for acknowledgment that the frames were received and retransmits any frames that are lost, performing a cyclical redundancy check (CRC) on each frame. The data link layer connects the physical aspects of a network with the abstractions of software.

All network adapters have a Media Access Control (MAC) address, which functions at the data link layer. Bridges operate at the data link layer, using MAC addresses to segment a network into two sections.

Network Layer

The network layer builds on the connection made by the data link layer. It adds the unit of information called packets. The network layer handles routing (the process of delivering packets through an internetwork) and congestion control. It also handles logical addressing, of which IP addresses are the most famous example.

Routers operate at the network layer, routing packets according to logical IP addresses.

Examples of network layer protocols are IPX, IP, and AppleTalk's Datagram Delivery Protocol (DDP).

Transport Layer

The transport layer builds on the error-control mechanisms of the lower layers. This is the last stop for ensuring that corrections are made in the sending and receiving of packets. The transport layer breaks up large pieces of data into smaller pieces and assigns sequence numbers. Examples of transport layer protocols are TCP, SPX, User Datagram Protocol (UDP), and the AppleTalk Transaction Protocol (ATP).

Session Layer

The session layer deals with two-way communications between nodes. When a dialog between nodes begins, a session is initiated. A good example of this is when a workstation connects to a Windows 2000 server. Rules are established about how the two will communicate and the protocols to be used. If a system is running multiple network applications, the system layer organizes communications so that incoming data is directed to the correct application. Remote procedure calls (RPCs) and NetBIOS are examples of session layer functionality.

Presentation Layer

The presentation layer handles how data is represented. It handles how data is formatted, how lines of characters are to be shown, whether data is encoded, and so forth. For example, if you're sending encrypted communications over the Internet, it is the function of the presentation layer to encrypt and decrypt the data. SNMP and Unicode are examples of presentation layer protocols supported in Microsoft Windows 2000.

Application Layer

The application layer handles the information transfer between two network applications, including remote file services, message handling for e-mail, and remote database access. Many of the services under this layer are called application programming interfaces (APIs). APIs are programming libraries used to write applications.

The OSI model layers are usually numbered in the order listed in Figure C1. If you see a reference to Layer 3 of the OSI model, you'll know it's the network layer being described.

The OSI reference model is useful because every networking protocol stack is based in some way on the OSI structure. None of the protocol stacks you encounter will fit the model exactly, but there's always enough correspondence to help you understand the relationship among the parts—and certainly enough to get you started if you want to delve deeper into the technical core of networking.

The Microsoft TCP/IP Stack

Microsoft's TCP/IP protocols use a four-layer conceptual model, also called the PC model, that combines some of the OSI model layers. Table C-1 compares the two models. The layers are simplified, but the same elements are present in the Microsoft TCP/IP stack as in the traditional OSI model.

Table C-1. Comparing conceptual models

The OSI Model in Action

Let's say you want to retrieve a spreadsheet file called Budget.xls from a network file server. Here's how the layers would work to accomplish the retrieval.

First the application layer on your computer detects that you're asking for information from a remote server and formulates a request that Budget.xls should be read from the file server's hard disk. The presentation layer then encrypts the request, if necessary, and passes the packet to the session layer. The session layer adds information about which application is requesting the information and which service is being requested from the file server. The packet is then handed off to the transport layer.

The transport layer verifies that a reliable connection exists to the file server and then breaks down the accumulated information into blocks. If more than one frame is necessary, sequence numbers are added. Next, the blocks are passed to the network layer.

The network layer adds the network address, usually an IP address, for both the system that is the source of the request and the file server. This is added to each chunk of information before it is passed to the data link layer.

The data link layer packages the blocks into frames and adds a frame header and the source and destination MAC addresses. The MAC addresses plus the content of the frame are used to create a CRC trailer. The frames are then handed off to the physical layer. The physical layer knows no more about frames than a highway knows about cars. It is just the road by which the data is moved.

At the file server, the data link layer reads the transmitted frame and identifies the MAC address for the destination system as its own MAC address. The data link layer performs a CRC and if all is well, strips off the header and trailer and passes the frame to the network layer. (If the CRC isn't valid, the data link layer discards the frame and requests a replacement from the source computer.)

The network layer on the file server analyzes the information that was added by the network layer on the source computer, notes the network address of the source computer, and records it in a table. The frames are then passed up to the transport layer.

The transport layer reviews the information in the frame that was supplied by the transport layer on the source system. If sequencing was used, it queues the frames until all are received. The sequencing is used to identify any missing frames, and a request for any missing data is sent to the source computer. If all the data is present, the transport layer passes the request to the session layer.

The session layer verifies that the data is from a valid connection and that all security criteria have been met. The data is then passed to the presentation layer. The presentation layer performs any necessary decryption and passes the data on to the application layer. The application layer passes the request to the process responsible for access to the file system.

Then, incredibly enough, the process reads the requested file and passes the information back to the application layer, and the whole process begins again. That a file request can be processed in less than a day is remarkable—that in reality it takes only a few seconds is quite astounding.

Although when this model is broken down into steps, it appears to be complex (and it is), it's also a good way to ensure flexibility and reliability. Because Ethernet confines its functionality to the data link layer, it can work with any number of protocols such as IP and IPX, which operate in the network layer. You should also bear in mind that the OSI model is a model and isn't exactly adhered to anywhere.