The Layered Model: OSI and TCP/IP
Before we get into individual protocols, we build the mental framework the whole series leans on: networking is designed as layers. This isn't idle theory — it's a tool that helps you troubleshoot (which layer is the problem at?) and understand why the Internet works at enormous scale.
Why layer it
Moving data across a network is extremely complex: electrical signals on a wire, addressing, routing through dozens of devices, reliability, encryption, data formats... Nobody solves all of that in one block.
The solution: split it into layers, each handling one job and relying on the service of the layer below, while providing a service to the layer above. The upper layer doesn't need to know how the lower one does its work.
Concrete benefits:
- Abstraction: HTTP (the application layer) doesn't need to know whether the packet travels over fiber or wifi. It just "asks" the layer below to move the data.
- Independent replacement: switching from wifi to 5G (a lower layer) doesn't require changing the browser (an upper layer).
- Layer-by-layer troubleshooting: when something breaks, you ask "which layer is the problem at?" — DNS (application)? a TCP connection (transport)? routing (network)? — and you narrow it down fast.
The OSI model: 7 layers
The OSI reference model splits networking into 7 layers. It's a theoretical model for learning and for a shared vocabulary — in practice the Internet runs on TCP/IP (next section), but networking folks still say "a layer 7 error" or "a layer 4 load balancer" using OSI layer numbers.
Layer             Its job                                      Examples
────────────────────────────────────────────────────────────────────────────────────
7  Application    data for applications to use                 HTTP, DNS, SSH
6  Presentation   formatting, encryption, compression          TLS, encryption
5  Session        managing sessions between two ends           (rarely used alone)
────────────────────────────────────────────────────────────────────────────────────
4  Transport      connections, reliability, ports              TCP, UDP
3  Network        logical addressing, inter-network routing    IP, ICMP
2  Data Link      delivery within one local network, MAC       Ethernet, ARP
1  Physical       physical signals on wire/airwaves            cable, wifi, electricity
Read it bottom-up: layer 1 is the actual wire/airwave, layer 7 is application data. Each upper layer asks the one directly below it. Some layers you'll meet a lot in this series:
- Layer 7 (Application) — where HTTP, DNS, SSH live. This is the layer you program against.
- Layer 4 (Transport) — TCP/UDP, the concept of a port and a connection (Article 6).
- Layer 3 (Network) — IP and routing (Articles 2, 4).
- Layer 2 (Data Link) — MAC and the local network (Article 3).
The "layer 4 vs layer 7" distinction is very useful for DevOps: a layer 4 load balancer distributes load based on IP/port (TCP), while a layer 7 one does so based on HTTP content (URL, headers); see Article 11. When someone says "a layer 7 error," they mean an error at the application/HTTP level.
The TCP/IP model: 4 layers (what the Internet actually uses)
OSI is theory; the actual Internet runs on the TCP/IP model (defined in RFC 1122), leaner with 4 layers. It collapses several OSI layers together:
TCP/IP (4 layers)    ~ maps to OSI    Examples
──────────────────────────────────────────────────────────
Application          = OSI 5+6+7      HTTP, DNS, TLS, SSH
Transport            = OSI 4          TCP, UDP
Internet             = OSI 3          IP, ICMP
Link                 = OSI 1+2        Ethernet, wifi, ARP
In practice people mix both: they say "layer 4/layer 7" using OSI numbers, but the real architecture is TCP/IP. You don't need to memorize it — just grasp the idea: data passes through several layers, each adding its own part of the work.
Encapsulation: data gets "wrapped" through each layer
This is the core mechanism that connects the layers. When you send data, each layer from the top down wraps another header of its own around it — this is called encapsulation:
Sending out (down the layers):

Application:      [ HTTP data ]
Transport (TCP):  [ TCP header | HTTP data ]                              → "segment"
Internet (IP):    [ IP header | TCP header | data ]                       → "packet"
Link (Ethernet):  [ Eth header | IP header | TCP | data | Eth trailer ]   → "frame"
                        │
                        ▼  transmitted on wire/airwaves (bits)
- The transport layer adds a TCP header (containing source/destination ports) → the unit is called a segment.
- The network layer adds an IP header (containing source/destination IP) → a packet.
- The link layer adds an Ethernet header (containing MAC) → a frame, then pushes it onto the wire as bits.
At the receiving end, the process runs in reverse (decapsulation): each layer peels off its own header, reads the control information, then passes the rest up to the layer above. By the application layer, the intact HTTP data is handed to the server.
Why this matters to you: each header holds one layer's information, and diagnostic tools (like tcpdump in Article 12) let you see each of these header layers. Understand encapsulation and you can read their output.
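As an added example (not part of the original article), this Python code builds a constructed frame the way the sender encapsulates it, then decapsulates it header by header, checking each length field against the bytes actually received. The MAC/IP addresses, ports and the names build_frame, mac and decapsulate are assumptions chosen for illustration.

```python
import socket
import struct

def build_frame(payload: bytes) -> bytes:
    """Encapsulate top-down (constructed sample; checksums left 0, no Ethernet trailer)."""
    # TCP header: ports, seq, ack, data offset = 5 words, flags PSH|ACK, window, checksum, urgent
    segment = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    # IPv4 header: version 4 / IHL 5, total length, TTL 64, protocol 6 (TCP), documentation IPs
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.20")) + segment
    # Ethernet header: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    return bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800) + packet

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decapsulate(frame: bytes) -> dict:
    """Peel Ethernet, IPv4 and TCP headers bottom-up, validating each length field."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]                       # link layer hands the packet up
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4              # IP header length is variable (options)
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("IPv4 length fields disagree with the bytes received")
    if packet[9] != 6:
        raise ValueError("IP protocol is not TCP")
    segment = packet[ihl:total_len]           # internet layer hands the segment up
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4         # TCP header length is variable too
    if not 20 <= data_off <= len(segment):
        raise ValueError("bad TCP data offset")
    return {"src_mac": mac(src_mac), "dst_mac": mac(dst_mac),
            "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
            "src_port": src_port, "dst_port": dst_port,
            "data": segment[data_off:]}       # transport layer hands the data up

HTTP_DATA = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed sample
LAYERS = decapsulate(build_frame(HTTP_DATA))
```

Slicing the segment at the IP total length rather than at the end of the frame keeps link-layer padding out of the application data, and a header whose length fields exceed the received bytes is rejected instead of being read past.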
Applying it to the journey from Article 0
Remember the journey of opening https://example.com in Article 0? Now place it onto the layers:
- DNS resolves the name — application layer (using UDP/TCP underneath).
- IP of example.com, routing the packet — network layer (Articles 2, 4).
- TCP opens a connection to port 443 — transport layer (Article 6).
- TLS encryption — around the presentation/application layer (Article 9).
- HTTP GET the page — application layer (Article 8).
Each article ahead digs into one (or a few) layers. When troubleshooting for real, you'll ask yourself "which layer?" and know where to look.
Wrap-up
Networking is split into layers, each handling one job and relying on the layer below — enabling abstraction, independent replacement, and layer-by-layer troubleshooting. OSI (7 layers) is the theoretical model for learning and naming (layer 4 = transport/TCP, layer 7 = application/HTTP); TCP/IP (4 layers) is what the Internet actually runs on. Data going down is encapsulated with a header at each layer (segment → packet → frame), and unwrapped in reverse at the receiving end.
Article 2 gets into the network layer — what identifies every device on the Internet: IP addresses and subnets.