Network Models & Layers — learn.surkar.in

01 / Reference Models

OSI 7-Layer Model

The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes network communication into seven distinct layers. Each layer has a specific responsibility and communicates only with the layers directly above and below it.

Layer	#	Role	Example Protocols
Application	7	User-facing services and APIs	HTTP, FTP, SMTP, DNS
Presentation	6	Data format translation, encryption, compression	TLS/SSL, JPEG, ASCII
Session	5	Manages sessions and dialog control	NetBIOS, RPC
Transport	4	End-to-end delivery, flow control, error recovery	TCP, UDP
Network	3	Logical addressing and routing across networks	IP, ICMP, OSPF, BGP
Data Link	2	Framing, MAC addressing, error detection on a link	Ethernet, Wi-Fi (802.11)
Physical	1	Raw bit transmission over physical media	Ethernet cables, fiber, radio

TCP/IP Model

The TCP/IP model is the practical, four-layer model that the Internet actually uses. It collapses the OSI's top three layers into one Application layer and merges Physical + Data Link into a single Link layer.

TCP/IP layers mapped to OSI

Application (L5-7)

↓

Transport (L4)

↓

Internet (L3)

↓

Link (L1-2)

Why Two Models?

OSI is a teaching and reference model — great for thinking about where protocols fit. TCP/IP is what networks actually implement. In practice, most engineers refer to layers by their OSI numbers (e.g. "Layer 3 switch") but build on the TCP/IP stack.

02 / Encapsulation

Data Encapsulation

As data moves down the stack, each layer wraps it with its own header (and sometimes trailer), creating a new Protocol Data Unit (PDU). The receiving side strips headers in reverse order — this is decapsulation.

Encapsulation down the stack

Data

→

Segment (L4 hdr + data)

→

Packet (L3 hdr + segment)

→

Frame (L2 hdr + packet + trailer)

→

Bits (physical signal)

What Each Header Contains

Transport Header

Source/destination ports, sequence numbers (TCP), length, checksum. Identifies which application process gets the data.

Network Header

Source/destination IP addresses, TTL, protocol field, header checksum. Enables routing across networks.

Data Link Header + Trailer

Source/destination MAC addresses, EtherType, and an FCS (Frame Check Sequence) trailer for error detection on each hop.

MTU and Fragmentation

Each link has a Maximum Transmission Unit (typically 1500 bytes for Ethernet). If a packet exceeds the MTU, it must be fragmented at Layer 3 or the sender must reduce its segment size (Path MTU Discovery).

03 / Layer 2

Data Link Layer

Layer 2 handles communication within a single network segment (LAN). It uses MAC addresses — 48-bit hardware addresses burned into NICs — to identify devices on the same link.

Ethernet Frames

ARP — Address Resolution Protocol

ARP maps a known IP address to a MAC address on the local network. A host broadcasts "Who has 192.168.1.1?" and the owner replies with its MAC. Results are cached in an ARP table to avoid repeated broadcasts.

Switches

Layer 2 switches learn MAC addresses by inspecting the source MAC of incoming frames, building a MAC address table. They then forward frames only to the correct port, unlike hubs which flood every port. This dramatically reduces collision domains.

VLANs

Virtual LANs logically segment a physical switch into isolated broadcast domains. Traffic between VLANs requires a Layer 3 router. Tagged using 802.1Q headers.

STP

Spanning Tree Protocol prevents broadcast storms in networks with redundant links by disabling loops, keeping a single active path. Modern networks often use RSTP for faster convergence.

04 / Layer 3

Network Layer — IP & ICMP

Layer 3 provides logical addressing and routing between networks. IP addresses are hierarchical, enabling aggregation of routes and efficient forwarding.

IPv4

IPv4 addresses are 32-bit, written in dotted-decimal notation (e.g. 192.168.1.0/24). Subnetting divides a network into smaller blocks using a subnet mask. CIDR (Classless Inter-Domain Routing) replaced the old class-based system, allowing arbitrary prefix lengths like /22 or /27.

# Subnetting example
Network:   10.0.0.0/16       → 65,536 addresses
Subnet A:  10.0.0.0/24       → 256 addresses (10.0.0.0 - 10.0.0.255)
Subnet B:  10.0.1.0/24       → 256 addresses (10.0.1.0 - 10.0.1.255)

# Host bits = 32 - prefix_length
/24 → 8 host bits → 2^8 = 256 addresses (254 usable)

NAT

Network Address Translation maps private IPs (10.x, 172.16-31.x, 192.168.x) to a public IP. PAT (Port Address Translation) uses port numbers to multiplex many hosts behind one public IP.

DHCP

Dynamic Host Configuration Protocol automatically assigns IP addresses, subnet masks, default gateways, and DNS servers to hosts via a 4-step process: Discover, Offer, Request, Acknowledge.

IPv6

IPv6 uses 128-bit addresses written in hexadecimal (e.g. 2001:db8::1). It eliminates the need for NAT, has a simplified header, mandatory IPsec support, and built-in autoconfiguration (SLAAC). Adoption is growing but IPv4 remains dominant via NAT.

ICMP

Internet Control Message Protocol is used for diagnostics and error reporting. ping sends ICMP Echo Request/Reply to test reachability. traceroute uses incrementing TTL values — each router that decrements TTL to 0 sends back an ICMP Time Exceeded message, revealing the path.

Practical Tip

When debugging connectivity, start at the bottom: Can you ping the gateway (L3)? Is the link up (L2/L1)? Can you resolve DNS (L7)? This "bottom-up" approach systematically eliminates layers.

05 / IP Routing

Routing & Routing Protocols

Routers forward packets between networks by consulting a routing table. Each entry maps a destination prefix to a next-hop address and outgoing interface. When multiple entries match, the router uses longest prefix match — the most specific route wins.

# Example routing table
Destination        Next Hop        Interface    Metric
10.0.0.0/8         192.168.1.1     eth0         10
10.0.1.0/24        192.168.1.5     eth1         5      ← more specific, wins for 10.0.1.x
0.0.0.0/0          192.168.1.1     eth0         1      ← default route (gateway of last resort)

BGP — Border Gateway Protocol

BGP is the routing protocol of the Internet. It operates between Autonomous Systems (AS) — large networks owned by ISPs, cloud providers, or enterprises, each identified by an AS Number (ASN).

Property	eBGP	iBGP
Scope	Between different AS	Within the same AS
Typical peers	ISP-to-ISP, ISP-to-customer	Routers inside one provider
TTL	1 (directly connected)	255 (can span multiple hops)
Path selection	Uses AS-path, policies, local pref	Same attributes, plus MED

OSPF — Open Shortest Path First

OSPF is a link-state Interior Gateway Protocol (IGP) used within a single AS. Every router builds a complete topology map (Link-State Database) and runs Dijkstra's algorithm to compute shortest paths. OSPF converges faster than distance-vector protocols and supports hierarchical design with areas (Area 0 is the backbone).

BGP vs OSPF

OSPF finds the best path inside your network. BGP decides how traffic flows between networks on the Internet. Most organizations run OSPF (or IS-IS) internally and use BGP to peer with upstream ISPs.

06 / Layer 4

Transport Layer — TCP vs UDP

Layer 4 provides end-to-end communication between processes on different hosts. It uses port numbers (0-65535) to multiplex multiple connections over a single IP address. A socket is identified by the tuple: (src IP, src port, dst IP, dst port, protocol).

Property	TCP	UDP
Connection	Connection-oriented (3-way handshake)	Connectionless
Reliability	Guaranteed delivery, retransmissions	Best-effort, no retransmission
Ordering	In-order delivery via sequence numbers	No ordering guarantee
Flow control	Sliding window (receiver-driven)	None
Congestion control	Slow start, AIMD, cubic	None built-in
Header size	20-60 bytes	8 bytes
Use cases	HTTP, SSH, email, file transfer	DNS, video streaming, gaming, VoIP

Port Multiplexing

Ports allow a single host to run many services simultaneously. Well-known ports (0-1023) are reserved for standard services: 80 (HTTP), 443 (HTTPS), 22 (SSH), 53 (DNS). Ephemeral ports (49152-65535) are assigned dynamically to client-side connections by the OS.

Multiplexing: many connections, one IP

Browser :52301

→

Server :443

Browser :52302

→

Server :443

SSH Client :54210

→

Server :22

When to Choose UDP

Use UDP when latency matters more than reliability: real-time video, gaming, DNS lookups. Modern protocols like QUIC build reliability on top of UDP to avoid TCP's head-of-line blocking, giving the best of both worlds.

Test Yourself

Score: 0 / 10

Question 01

Which OSI layer is responsible for logical addressing and routing packets between networks?

Layer 3 (Network) handles IP addressing and routing. Layer 2 uses MAC addresses for local delivery, while Layer 4 handles port-based process-to-process communication.

Question 02

In the TCP/IP model, which layer combines the OSI Physical and Data Link layers?

The TCP/IP Link layer encompasses both OSI Layer 1 (Physical) and Layer 2 (Data Link). Similarly, the Application layer in TCP/IP merges OSI Layers 5, 6, and 7.

Question 03

During encapsulation, what is the correct order of PDUs from top to bottom of the stack?

Data from the application becomes a Segment at L4 (adding ports), a Packet at L3 (adding IPs), a Frame at L2 (adding MACs), and finally Bits at L1 for physical transmission.

Question 04

What protocol resolves an IP address to a MAC address on a local network?

ARP (Address Resolution Protocol) broadcasts a request on the LAN asking "Who has this IP?" and the owner responds with its MAC address. DNS resolves domain names to IPs, which is a different mapping.

Question 05

A router has these entries: 10.0.0.0/8, 10.0.1.0/24, and 0.0.0.0/0. Which route is used for a packet to 10.0.1.50?

Longest prefix match selects the most specific route. /24 matches 24 bits, /8 matches 8 bits, and /0 is the default. Since 10.0.1.50 falls within 10.0.1.0/24, the /24 entry wins.

Question 06

What is the primary purpose of VLANs?

VLANs logically divide a single physical switch into multiple isolated broadcast domains. Hosts in different VLANs cannot communicate at Layer 2 — they need a Layer 3 router to exchange traffic.

Question 07

Which statement about BGP is correct?

eBGP (external BGP) is used between different Autonomous Systems — it's how ISPs exchange routing information on the Internet. OSPF (not BGP) is the link-state protocol using Dijkstra. iBGP peers don't need to be directly connected.

Question 08

How does traceroute discover the path to a destination?

Traceroute sends packets with TTL=1, TTL=2, TTL=3, etc. Each router decrements the TTL; when it hits 0, that router sends back an ICMP Time Exceeded message, revealing its address. This builds a map of each hop on the path.

Question 09

Which of these is NOT a feature of TCP (compared to UDP)?

Lower latency and minimal overhead are characteristics of UDP (8-byte header), not TCP. TCP's reliability mechanisms (handshakes, sequence numbers, retransmissions, flow/congestion control) add latency and a 20-60 byte header.

Question 10

A network 192.168.10.0/24 has how many usable host addresses?

A /24 network has 2^8 = 256 total addresses, but the first (network address .0) and last (broadcast address .255) are reserved, leaving 254 usable host addresses.