OSI Model (OSI)
The OSI model is a way to think about how networks work by breaking the process into seven layers, like floors in a building. Each layer has one job: the bottom layers handle the physical wires and electrical signals, the middle layers handle addressing and routing, and the top layers handle what the user actually sees (web pages, emails). When something breaks, engineers use the layers to narrow down the problem: “Is it a Layer 1 issue (cable unplugged) or a Layer 7 issue (the app crashed)?”
The Open Systems Interconnection (OSI) model is a conceptual framework standardized by ISO (ISO/IEC 7498-1) that divides network communication into seven abstraction layers. Each layer serves the layer above it and is served by the layer below it.
| Layer | Name | Function | Protocols/Examples | PDU |
|---|---|---|---|---|
| 7 | Application | User-facing services | HTTP, DNS, SMTP, SSH, FTP | Data |
| 6 | Presentation | Data formatting, encryption | TLS/SSL, JPEG, ASCII, compression | Data |
| 5 | Session | Connection management | NetBIOS, RPC, SOCKS | Data |
| 4 | Transport | End-to-end delivery, reliability | TCP, UDP, QUIC | Segment/Datagram |
| 3 | Network | Logical addressing, routing | IP, ICMP, OSPF, BGP | Packet |
| 2 | Data Link | Physical addressing, framing | Ethernet (802.3), Wi-Fi (802.11), ARP | Frame |
| 1 | Physical | Bits on the wire | Cables, fiber, radio, hubs | Bits |
Encapsulation: as data moves down the stack, each layer wraps the previous layer’s output with its own header (and sometimes trailer). At Layer 2, data becomes a frame; at Layer 3, a packet; at Layer 4, a segment (TCP) or datagram (UDP).
De-encapsulation: the receiving device strips headers in reverse order, passing data up the stack.
In practice, the TCP/IP model (4 layers: Link, Internet, Transport, Application) is what the internet actually uses. The OSI model remains the standard reference for discussing which layer a protocol, device, or problem operates at. Firewalls operate at Layers 3-4; WAFs operate at Layer 7; switches at Layer 2; routers at Layer 3.
Troubleshooting by layer
# Layer 1: Physical — is the link up?
$ ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> state UP
# Layer 2: Data Link — can we reach the gateway's MAC?
$ arp -n
Address HWtype HWaddress Iface
192.168.1.1 ether aa:bb:cc:dd:ee:ff eth0
# Layer 3: Network — can we route to the destination?
$ ping -c 2 8.8.8.8
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=12.3 ms
# Layer 4: Transport — is the port open and accepting connections?
$ nc -zv example.com 443
Connection to example.com 443 port [tcp/https] succeeded!
# Layer 7: Application — does the app respond correctly?
$ curl -sI https://example.com | head -3
HTTP/2 200
content-type: text/html; charset=UTF-8The OSI model is the shared vocabulary of network troubleshooting. When an engineer says “this is a Layer 2 issue,” everyone knows it involves MAC addresses, switching, or VLAN tagging, not DNS or application logic. The WAF vs. firewall distinction maps directly to OSI layers: traditional firewalls inspect Layers 3-4 (IP addresses and ports), while WAFs inspect Layer 7 (HTTP request content). Job interviews, vendor documentation, and certification exams (CompTIA Network+, CCNA) all reference the OSI model extensively. The practical troubleshooting approach is “start at Layer 1 and work up”: check the cable, check the link, check the IP, check the route, check the port, check the application.