This chapter covers the OSI (Open Systems Interconnection) model, a conceptual framework that standardizes networking functions into seven distinct layers. Understanding the OSI model is fundamental for the CompTIA Network+ N10-009 exam, as it underpins troubleshooting methodologies, protocol identification, and device roles. Approximately 10-15% of exam questions directly or indirectly reference the OSI model, making it a critical topic for every candidate.
Jump to a section
Imagine sending a letter from New York to Tokyo. The OSI model layers mirror the postal system's process. At Layer 7 (Application), you write the letter in English, deciding the content and format. Layer 6 (Presentation) translates your letter into a standard language (e.g., Japanese) and may encrypt it for privacy. Layer 5 (Session) establishes the conversation: it opens a postal account, manages the dialogue, and closes it. Layer 4 (Transport) decides how to send the letter: as a single package (TCP) or multiple postcards (UDP). It adds a tracking number and ensures reliable delivery. Layer 3 (Network) determines the route: the letter goes to a sorting center, then to an international hub, using addresses like IP addresses. Layer 2 (Data Link) puts the letter into a specific mailbox (frame) with the local post office's address (MAC address). Layer 1 (Physical) is the actual transportation: the truck, plane, or train that moves the letter as electrical signals, light, or radio waves. Each layer only communicates with its peer layer at the destination: your application layer talks to the recipient's application layer, not the physical layer. This separation allows changing one layer (e.g., using air instead of sea) without affecting others.
What is the OSI Model and Why Does It Exist?
The OSI model, defined in ISO/IEC 7498-1, is a reference model that partitions network communication into seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. It was developed in the late 1970s and early 1980s to address the lack of standardization among competing network protocols. The primary purpose is to enable interoperability between different vendors' equipment and protocols by defining clear interfaces between layers. Each layer provides services to the layer above it and receives services from the layer below. The model is abstract; it is not implemented directly but serves as a teaching tool and a framework for understanding network interactions. For N10-009, you must memorize the layer order, their functions, and the protocols and devices that operate at each layer.
How the OSI Model Works Internally
The OSI model uses encapsulation and decapsulation. When data is sent from an application on Host A to Host B, it travels down the layers on the sender side and up the layers on the receiver side. At each layer, a header (and sometimes a trailer) is added. For example: - Application Layer (7): The application (e.g., web browser) creates data (e.g., HTTP GET request). - Presentation Layer (6): Translates data into a common format, encrypts/compresses if needed. - Session Layer (5): Establishes, manages, and terminates the session between applications. - Transport Layer (4): Segments data into segments (TCP) or datagrams (UDP), adds port numbers. - Network Layer (3): Adds source and destination IP addresses, creating packets. - Data Link Layer (2): Adds source and destination MAC addresses, creating frames. Also adds a trailer for error detection (Frame Check Sequence). - Physical Layer (1): Converts frames into bits and transmits them over the physical medium (e.g., electrical signals on copper, light pulses on fiber).
At the receiving end, each layer strips its corresponding header, processes it, and passes the payload up. This process is called decapsulation.
Key Components, Values, and Defaults
Physical Layer (1): Deals with raw bit transmission. Key elements: voltage levels (e.g., +5V for 1, 0V for 0), cable types (Cat5e, Cat6, fiber), connectors (RJ45, LC), signaling methods (baseband, broadband). Common devices: hubs, repeaters, modems, media converters. There are no protocols per se; standards like 10BASE-T, 100BASE-TX, 1000BASE-T define physical characteristics.
Data Link Layer (2): Responsible for node-to-node delivery. It is divided into two sublayers: Logical Link Control (LLC) and Media Access Control (MAC). The MAC sublayer handles framing, addressing (48-bit MAC addresses), and error detection. Key protocols: Ethernet (IEEE 802.3), Wi-Fi (802.11), PPP. Devices: switches, bridges, network interface cards (NICs). The frame size varies: Ethernet maximum transmission unit (MTU) is 1500 bytes. The FCS is a 4-byte CRC.
Network Layer (3): Handles logical addressing and routing. Key protocol: IP (IPv4 32-bit, IPv6 128-bit). Devices: routers, layer 3 switches. Routing protocols: OSPF, EIGRP, BGP. Default TTL for IPv4 is 64 or 128 hops. The packet header includes source/destination IP, protocol field (TCP=6, UDP=17), and TTL.
Transport Layer (4): Provides end-to-end communication. TCP offers reliable, connection-oriented service with sequencing, acknowledgments, and retransmission. UDP is connectionless and unreliable. TCP header size: 20-60 bytes; UDP header: 8 bytes. Well-known ports: HTTP=80, HTTPS=443, FTP=21, DNS=53. TCP uses a three-way handshake: SYN, SYN-ACK, ACK.
Session Layer (5): Manages sessions – establishes, maintains, and terminates connections. Examples: NetBIOS, RPC. It controls dialog (simplex, half-duplex, full-duplex) and provides checkpointing.
Presentation Layer (6): Translates between application and network formats. Handles encryption (SSL/TLS), compression, and character encoding (ASCII, EBCDIC).
Application Layer (7): Provides network services to applications. Common protocols: HTTP, FTP, SMTP, DNS, DHCP. This is not the application itself but the protocol the application uses.
Configuration and Verification Commands
While the OSI model is conceptual, you can verify layer functionality with commands:
- Physical/Data Link: ip link show (Linux), getmac (Windows), show interfaces (Cisco).
- Network: ping, traceroute, ipconfig / ifconfig, show ip route.
- Transport: netstat -an, ss -tuln.
- Application: curl, telnet, nslookup.
For N10-009, be able to identify which layer a problem occurs at based on symptoms: if ping fails but link lights are on, it's likely Layer 3 or above.
How It Interacts with Related Technologies
The OSI model is often compared with the TCP/IP model, which has four layers: Application (combines 5-7), Transport, Internet (Layer 3), and Network Interface (Layers 1-2). The exam tests understanding of both models and mapping between them. The OSI model is also used in troubleshooting: for example, if a user cannot access a website, a network engineer might start at Layer 1 (check cables), then Layer 2 (switch port status), Layer 3 (IP connectivity), Layer 4 (port blocking), and finally Layer 7 (web server status).
1: Application Layer Generates Data
The process begins at Layer 7 when an application, such as a web browser, needs to send data. The application creates a payload, for example, an HTTP GET request. This layer does not add a header; it simply passes the data to the Presentation Layer. The Application Layer provides services like file transfer (FTP), email (SMTP), and web browsing (HTTP). In the context of the OSI model, the application itself is not part of Layer 7; rather, the protocol that the application uses to communicate is.
2: Presentation Layer Translates Data
Layer 6 receives the data and may translate it into a standard format, such as converting ASCII to EBCDIC or applying encryption via SSL/TLS. Compression may also occur here. The Presentation Layer ensures that the data is in a format the receiving application can understand. It adds a header if needed, but in many implementations, this layer is minimal. The transformed data is then passed to the Session Layer.
3: Session Layer Establishes Connection
Layer 5 manages the dialogue between applications. It establishes, maintains, and terminates sessions. For example, in a TCP connection, the three-way handshake is managed at Layer 5? Actually, the three-way handshake is a Transport Layer function (Layer 4) but session management is separate. The Session Layer can checkpoint data streams and allow recovery from failures. It adds a header with session identifiers. The data then moves to the Transport Layer.
4: Transport Layer Segments Data
Layer 4 takes the data and segments it into smaller units (segments for TCP, datagrams for UDP). It adds a header containing source and destination port numbers, sequence numbers (TCP), and checksums. For TCP, a connection is established via the three-way handshake before data transfer. The Transport Layer ensures reliable delivery (TCP) or provides best-effort delivery (UDP). The segment is then passed to the Network Layer.
5: Network Layer Adds IP Addressing
Layer 3 receives the segment and adds a header containing source and destination IP addresses, creating a packet. It also adds a protocol identifier (e.g., 6 for TCP, 17 for UDP) and a TTL value. The Network Layer determines the best path to the destination using routing protocols. The packet is then passed to the Data Link Layer.
6: Data Link Layer Frames the Packet
Layer 2 takes the packet and adds a header and trailer to create a frame. The header includes source and destination MAC addresses. The trailer includes a Frame Check Sequence (FCS) for error detection. The Data Link Layer is responsible for node-to-node delivery across a single network segment. The frame is then passed to the Physical Layer.
7: Physical Layer Transmits Bits
Layer 1 converts the frame into a stream of bits and transmits them over the physical medium. This could be electrical signals on copper wire, light pulses on fiber optic cable, or radio waves in wireless transmission. The Physical Layer defines the hardware characteristics: voltage levels, timing, cable types, and connectors. The bits travel to the destination device, where the reverse process begins.
In an enterprise network, the OSI model is used daily for troubleshooting. For instance, consider a scenario where users in a branch office cannot access a corporate web application hosted at headquarters. A network engineer would methodically test each layer:
Physical Layer: Check link lights on switches and routers, verify cable connections, and test for signal loss. If a fiber optic cable is damaged, the link will be down.
Data Link Layer: Verify switch port status (up/down), check for MAC address table entries, and ensure VLAN configurations are correct. A misconfigured trunk port could prevent frames from passing.
Network Layer: Use ping to test IP connectivity. If ping fails, check routing tables, IP addressing, and subnet masks. Perhaps the branch router has a missing default route.
Transport Layer: Use telnet or Test-NetConnection to test port availability. A firewall might be blocking TCP port 443 (HTTPS).
Session/Application Layers: Check if the web server is running, if SSL certificates are valid, and if DNS resolves correctly.
Another scenario: deploying a new VoIP system. Voice traffic is sensitive to delay and jitter. At Layer 2, VLANs separate voice and data traffic. At Layer 3, QoS markings (DSCP) prioritize voice packets. At Layer 4, UDP is used for RTP, and TCP for SIP. The engineer must ensure that the Physical Layer has sufficient bandwidth and low latency. Common misconfigurations include mismatched MTU sizes causing fragmentation, or incorrect QoS policies dropping voice packets.
In cloud environments, the OSI model helps when troubleshooting connectivity to virtual machines. For example, a security group (Layer 4 firewall) might block traffic, or a virtual switch (Layer 2) might have incorrect port groups. The model provides a structured approach to isolate the issue.
The N10-009 exam tests the OSI model primarily in the context of troubleshooting and protocol identification. Objective 1.1 states: 'Compare and contrast the OSI model layers and encapsulation concepts.' Key exam topics include: - Layer numbers and names: Be able to list them in order from 7 to 1 and vice versa. Mnemonics like 'Please Do Not Throw Sausage Pizza Away' (Physical, Data Link, Network, Transport, Session, Presentation, Application) are helpful. - Protocol-to-layer mapping: Know that HTTP, FTP, SMTP are Layer 7; SSL/TLS is Layer 6; NetBIOS is Layer 5; TCP/UDP are Layer 4; IP, ICMP, ARP are Layer 3; Ethernet, PPP are Layer 2; and standards like 1000BASE-T are Layer 1. - Device placement: Hubs/repeaters at Layer 1, switches/bridges at Layer 2, routers at Layer 3, firewalls (some) at Layer 4, gateways at higher layers. - Encapsulation: Know the order of headers: data, then TCP/UDP header, then IP header, then Ethernet header. - Common wrong answers: Candidates confuse which layer handles encryption (Layer 6, not Layer 7) or which layer uses MAC addresses (Layer 2, not Layer 3). Another trap: thinking that routers use MAC addresses for routing (they use IP addresses; MAC addresses are for local delivery). - Edge cases: The exam may ask about the session layer's role in establishing connections. Remember that the three-way handshake is Transport Layer, but session management is Layer 5. Also, note that ARP operates between Layer 2 and Layer 3; it is often considered a Layer 3 protocol but relies on Layer 2 addresses. - Elimination strategy: When troubleshooting, if a user can't access a website but can ping the server, the problem is likely at Layer 4 or above (port blocking or application issue). If ping fails, it's Layer 3 or below.
The OSI model has 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application (from bottom to top).
Encapsulation adds headers at each layer: data → segment (L4) → packet (L3) → frame (L2) → bits (L1).
Common protocols: HTTP (L7), SSL/TLS (L6), NetBIOS (L5), TCP/UDP (L4), IP (L3), Ethernet (L2), 1000BASE-T (L1).
Devices: hub (L1), switch (L2), router (L3), firewall (L4), gateway (L5-7).
Troubleshooting starts at Layer 1 and moves up; if ping fails, suspect Layers 1-3; if ping succeeds but app fails, suspect Layers 4-7.
The TCP/IP model has 4 layers: Network Interface (L1+L2), Internet (L3), Transport (L4), Application (L5+L6+L7).
The OSI model is a reference model, not a protocol suite; it helps with standardization and troubleshooting.
Layer 2 uses MAC addresses; Layer 3 uses IP addresses; Layer 4 uses port numbers.
These come up on the exam all the time. Here's how to tell them apart.
OSI Model
Seven layers: Physical, Data Link, Network, Transport, Session, Presentation, Application.
Developed by ISO as a theoretical framework.
Separation of Session and Presentation layers allows modularity.
Less commonly implemented in real-world networks.
Used primarily for teaching and troubleshooting.
TCP/IP Model
Four layers: Network Interface, Internet, Transport, Application.
Developed by DARPA as a practical protocol suite.
Application layer combines Session, Presentation, and Application functions.
Widely used in modern networks (the Internet runs on TCP/IP).
The primary model for protocol implementation.
Mistake
The OSI model is a protocol suite like TCP/IP.
Correct
The OSI model is a conceptual reference model, not a concrete protocol stack. It provides a framework for understanding networking, but actual implementations (like TCP/IP) do not strictly follow all seven layers. The exam expects you to know both models and how they map.
Mistake
The Physical Layer only deals with cables and connectors.
Correct
While cables and connectors are part of Layer 1, it also includes signal encoding, voltage levels, timing, and modulation. For example, 1000BASE-T uses four pairs of wires with simultaneous bidirectional signaling, which is a Layer 1 specification.
Mistake
Switches operate at Layer 3 because they can be configured with IP addresses.
Correct
Most switches are Layer 2 devices that forward frames based on MAC addresses. Some switches are Layer 3 (multilayer switches) that also perform routing, but the exam distinguishes: a standard switch is a Layer 2 device. The IP address on a switch is for management, not for forwarding data traffic.
Mistake
The Presentation Layer is responsible for encryption and compression, so it is part of the Application Layer in TCP/IP.
Correct
In the TCP/IP model, the Presentation Layer's functions (encryption, compression) are absorbed into the Application Layer. However, the OSI model separates them. The exam may ask which layer handles encryption; the answer is Layer 6 (Presentation), not Layer 7.
Mistake
The OSI model layers are strictly independent; data flows only vertically.
Correct
While each layer communicates only with its adjacent layers on the same device, the model also assumes peer-to-peer communication: the Transport Layer on the source communicates logically with the Transport Layer on the destination. Encapsulation and decapsulation ensure that headers are only read by the corresponding layer.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
From top to bottom: Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1). A common mnemonic is 'All People Seem To Need Data Processing' (top-down) or 'Please Do Not Throw Sausage Pizza Away' (bottom-up). For the exam, you must be able to recite them both ways.
The Presentation Layer (Layer 6) handles encryption, compression, and translation between data formats. For example, SSL/TLS operates at Layer 6. However, in the TCP/IP model, these functions are part of the Application Layer. On the exam, if asked about OSI, remember that encryption is Layer 6.
A hub operates at Layer 1 (Physical) – it simply repeats electrical signals without any intelligence. A switch operates at Layer 2 (Data Link) – it examines MAC addresses and forwards frames only to the appropriate port. Switches reduce collisions and improve performance. The exam expects you to know that hubs are Layer 1 and switches are Layer 2.
The OSI model provides a structured approach: start at Layer 1 (check cables, link lights), then Layer 2 (switch port status, VLANs), Layer 3 (IP connectivity, routing), Layer 4 (port blocking, firewall rules), and finally Layers 5-7 (application issues). For example, if you can ping but not browse, the problem is likely at Layer 4 or above.
Encapsulation is the process where each layer adds its own header (and sometimes trailer) to the data as it moves down the stack. For example, the Transport Layer adds a TCP header, the Network Layer adds an IP header, and the Data Link Layer adds an Ethernet header and FCS trailer. At the receiver, decapsulation removes these headers in reverse order.
The TCP three-way handshake occurs at the Transport Layer (Layer 4). It involves SYN, SYN-ACK, and ACK segments to establish a connection. The Session Layer (Layer 5) manages the overall session, but the actual handshake is a Transport Layer function. This is a common exam trap.
The OSI model has 7 layers, while the TCP/IP model has 4 layers (Network Interface, Internet, Transport, Application). TCP/IP combines the Session, Presentation, and Application layers into one Application layer, and the Physical and Data Link layers into the Network Interface layer. TCP/IP is the model used on the Internet; OSI is a reference model.
You've just covered OSI Model for Network+ — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?