Computer networking is complicated. Really complicated. There are physical cables, electrical signals, error correction, addressing schemes, routing protocols, encryption, application formats, and countless other concerns. How do engineers manage all this complexity? By dividing it into [[layers]].
Each layer handles one specific concern and provides services to the layer above it. The physical layer worries about electrical signals; it doesn't care what those signals mean. The application layer worries about HTTP requests; it doesn't care how those requests get transmitted. This separation of concerns is what makes the internet possible - and what allows you to browse the web without understanding electrical engineering.
The layered model isn't just convenient - it's essential for interoperability. Because each layer has a well-defined interface, you can swap out implementations without affecting other layers. Switch from Ethernet to Wi-Fi? The transport layer doesn't notice. Upgrade from HTTP/1.1 to HTTP/3? The network layer keeps working. This modularity enabled the internet to evolve from ARPANET to the global network we have today.
The OSI model: a conceptual framework
The [[OSI model]] (Open Systems Interconnection) divides networking into seven layers. It was developed in the 1980s by the International Organization for Standardization (ISO) as a theoretical framework for understanding networks. While real-world implementations don't follow it perfectly, it's still the standard vocabulary for discussing network architecture.
The OSI Model - 7 Layers
Data travels DOWN through layers when sending,
and UP through layers when receiving.
A classic mnemonic for remembering the layers from bottom to top: 'Please Do Not Throw Sausage Pizza Away' (Physical, Data Link, Network, Transport, Session, Presentation, Application). Or from top to bottom: 'All People Seem To Need Data Processing.'
Layer by layer
Layer 1: Physical
The [[physical layer]] deals with the actual transmission of raw bits over a physical medium. This is where engineering meets physics. The layer specifies cable types (Cat5e, Cat6, fiber optic), connectors (RJ-45, SC, LC), voltage levels, timing, modulation schemes, and encoding methods. Ethernet cables, fiber optics, Wi-Fi radio waves, Bluetooth - all physical layer concerns.
At this layer, there's no concept of packets or addresses - just a stream of bits (or symbols in advanced modulation). The physical layer defines how 1s and 0s are represented: voltage levels on copper, light pulses in fiber, radio wave phase shifts in wireless. It also handles bit synchronization - how receiver clocks lock onto the sender's timing.
Layer 2: Data Link
The [[data link layer]] handles communication between directly connected devices. It packages bits into [[frames]], adds [[MAC addresses]] (48-bit hardware addresses burned into network interface cards) for local addressing, handles error detection via checksums (CRC), and manages access to shared media. Ethernet and Wi-Fi protocols live here.
This layer is often subdivided into two sublayers: LLC (Logical Link Control) for flow control and multiplexing protocols, and MAC (Media Access Control) for addressing and channel access. The MAC sublayer is particularly important in shared media like Wi-Fi, where CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) coordinates which device transmits when.
Switches operate at Layer 2 - they learn which MAC addresses are reachable through which ports and forward frames accordingly. Unlike hubs (which blindly broadcast everything), switches create isolated collision domains and dramatically improve network efficiency.
Layer 3: Network
The [[network layer]] enables communication across different networks through [[routing]]. This is where [[IP addresses]] live. Routers operate at this layer, making forwarding decisions based on destination addresses. While Layer 2 handles local delivery (like apartment numbers within a building), Layer 3 handles inter-network delivery (like street addresses across cities).
IP provides [[connectionless]] service - each packet is routed independently, and the network makes 'best effort' delivery with no guarantees. Packets might arrive out of order, be duplicated, or get lost entirely. Higher layers (particularly TCP) handle reliability. The network layer also handles fragmentation when packets exceed a link's MTU.
ICMP (Internet Control Message Protocol) also lives at Layer 3 - it's used for error reporting (destination unreachable, time exceeded) and diagnostics (ping, traceroute). Though ICMP is technically a Layer 3 protocol, its messages are themselves encapsulated in IP packets.
Layer 4: Transport
The [[transport layer]] provides end-to-end communication services. [[TCP]] ensures reliable, ordered delivery through sequence numbers, acknowledgments, retransmission, and flow control. [[UDP]] provides fast, connectionless transmission for applications that prefer speed over reliability. Port numbers at this layer multiplex multiple applications over a single IP address.
TCP implements sophisticated algorithms for reliability and performance: slow start and congestion avoidance to probe available bandwidth, fast retransmit to quickly recover from loss, selective acknowledgment (SACK) to identify specific missing segments. Modern variants like TCP BBR (developed by Google) use novel congestion control based on bandwidth and RTT measurements rather than packet loss.
QUIC, the protocol underlying HTTP/3, is an interesting case - it's technically a transport layer protocol but implemented in userspace over UDP. This allows rapid iteration without waiting for OS kernel updates, and enables features like connection migration (keeping a connection alive when your phone switches from Wi-Fi to cellular).
Layers 5-7: Session, Presentation, Application
The upper layers handle session management (maintaining stateful conversations), data formatting (encryption, compression, encoding), and application-specific protocols. In practice, these layers are often combined in modern implementations. TLS could be considered a presentation layer protocol, but it's typically bundled with transport or application layers.
The [[application layer]] is where user-facing protocols live: HTTP for web browsing, SMTP for email, FTP for file transfer, DNS for name resolution, SSH for secure shell access. These protocols define message formats, request/response patterns, and application semantics.
The TCP/IP model: what we actually use
The real internet uses the [[TCP/IP model]], which condenses the OSI model into four practical layers. It was developed alongside the actual internet protocols, so it reflects implementation reality rather than theoretical ideals:
| TCP/IP Layer | OSI Equivalent | Protocols | Data Unit |
|---|---|---|---|
| Application | Layers 5-7 | HTTP, FTP, SMTP, DNS, SSH | Messages |
| Transport | Layer 4 | TCP, UDP, QUIC | Segments/Datagrams |
| Internet | Layer 3 | IP, ICMP, IPsec | Packets |
| Network Access | Layers 1-2 | Ethernet, Wi-Fi, PPP | Frames |
Encapsulation: wrapping data in layers
When you send data, it travels DOWN through the layers. Each layer wraps the data from the layer above with its own header (and sometimes trailer). This process is called [[encapsulation]]:
- Application layer creates the data (e.g., an HTTP request with headers and body)
- Transport layer wraps it in a segment (adds source/dest ports, sequence numbers, checksums)
- Network layer wraps that in a packet (adds source/dest IP addresses, TTL, protocol)
- Data link layer wraps that in a frame (adds source/dest MAC addresses, frame check sequence)
- Physical layer converts it to bits/signals and transmits over the medium
At the receiving end, the process reverses. Each layer strips off its header, processes the relevant information, and passes the payload up to the next layer. This is [[decapsulation]]. The beauty is that each layer only needs to understand its own header - the payload is opaque data to be delivered.
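Decapsulation as described above, worked through in Python as an added example (not code from the original page): `build_frame` wraps a payload in TCP, IPv4 and Ethernet headers, and `decapsulate` strips them again, validating each length field before using it. The function names, destination MAC, port 80, sequence numbers and sample payload are constructed for illustration.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; yields 0 over a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(payload: bytes) -> bytes:
    """Encapsulate payload in TCP, IPv4 and Ethernet headers (all values constructed)."""
    tcp = struct.pack("!HHIIHHHH", 54321, 80, 1000, 2000,        # port 80: plaintext HTTP
                      (5 << 12) | 0x018, 65535, 0, 0) + payload  # offset 5, PSH+ACK, checksum unset
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.1.100"), socket.inet_aton("93.184.216.34"))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in header checksum
    eth = bytes.fromhex("020000000001" "aabbccddeeff") + struct.pack("!H", 0x0800)
    return eth + ip + tcp

def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer, checking every length field before trusting it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    packet = frame[14:]
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4             # header length varies when options are present
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("inconsistent IPv4 length fields")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != 6:
        raise ValueError("not TCP")
    segment = packet[ihl:total_len]          # total_len also trims Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4        # TCP header length, options included
    if data_off < 20 or data_off > len(segment):
        raise ValueError("inconsistent TCP data offset")
    return {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
            "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport,
            "overhead": 14 + ihl + data_off, "payload": segment[data_off:]}
```

For the 18-byte `GET / HTTP/1.1\r\n\r\n` payload, `decapsulate(build_frame(...))["overhead"]` is 54 bytes, three times the size of the data being carried.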
Protocol headers in practice
When you request a webpage, a single HTTP request might generate a packet with headers totaling 54+ bytes before any payload: 14 bytes of Ethernet header, 20+ bytes of IP header, and 20+ bytes of TCP header. For a simple 'GET /' request, the overhead can exceed the payload size!
Ethernet Frame:
├── Dest MAC (6 bytes): ff:ff:ff:ff:ff:ff
├── Src MAC (6 bytes): aa:bb:cc:dd:ee:ff
├── EtherType (2 bytes): 0x0800 (IPv4)
└── Payload: [IP Packet]
    ├── Version/IHL (1 byte)
    ├── DSCP/ECN (1 byte)
    ├── Total Length (2 bytes)
    ├── Identification (2 bytes)
    ├── Flags/Fragment (2 bytes)
    ├── TTL (1 byte): 64
    ├── Protocol (1 byte): 6 (TCP)
    ├── Header Checksum (2 bytes)
    ├── Source IP (4 bytes): 192.168.1.100
    ├── Dest IP (4 bytes): 93.184.216.34
    └── Payload: [TCP Segment]
        ├── Src Port (2 bytes): 54321
        ├── Dst Port (2 bytes): 443
        ├── Sequence (4 bytes)
        ├── Acknowledgment (4 bytes)
        ├── Flags (2 bytes): SYN
        └── Payload: [HTTP Request]
Why layers matter
The layered model isn't just academic - it has profound practical benefits:
- Modularity: You can change one layer without affecting others (switch from Ethernet to Wi-Fi without changing your HTTP code)
- Interoperability: Different vendors can implement the same layer specifications and work together
- Abstraction: Application developers don't need to understand electrical engineering or routing protocols
- Troubleshooting: Problems can be isolated to specific layers - ping tests Layer 3, telnet tests Layer 4
- Evolution: New protocols can be introduced at any layer without rebuilding the entire stack
When something goes wrong, you can systematically work through the layers. Can't reach a website? Check physical connection (Layer 1 - cables, link lights). Check local network (Layer 2 - can you reach your router?). Check IP routing (Layer 3 - can you ping external IPs?). Check ports and firewall (Layer 4 - is the port open?). Check application (Layer 7 - is the service running?).
Understanding layers also helps you choose the right tool. Want encryption? TLS operates between transport and application layers. Need load balancing? Layer 4 balancers route by IP/port; Layer 7 balancers can route by HTTP headers or URLs. Debugging network issues? Packet captures show you exactly what's happening at each layer.