The OSI Model

An open system is a set of protocols that allows any two different

systems to communicate regardless of their underlying
architecture. The purpose of the OSI model is to open
communication between different systems without requiring
changes to the logic of the underlying hardware and software. The
OSI model is not a protocol; it is a model for understanding and
designing a network architecture that is flexible, robust, and
interoperable.

ISO is the organization. OSI is the model.

The Model

The Open Systems Interconnection model is a layered framework

for the design of network systems that allows for communication
across all types of computer systems. It consists of seven separate
but related layers, each of which defines a segment of the process
of moving information across a network (see Figure 3.1).
Understanding the fundamentals of the OSI model provides a solid
basis for exploration of computer networking and data
communications.

Layered Architecture

The OSI model is built of seven ordered layers: physical (layer 1),
data link (layer 2), network (layer 3), transport (layer 4), session
(layer 5), presentation (layer 6), and application (layer 7).
Figure 3.2 shows the layers involved when a message is sent from
device A to device B. As the message travels from A to B, it may
pass through many intermediate nodes.
Figure 2.1 Tasks involved in sending a letter
Fig. 3-1 The OSI model
Fig. c
Fig. b
Fig. a
Fig. 3-2 OSI layers
Fig. d
These intermediate nodes usually involve only the first three
layers of the OSI model. In developing the model, the designers
distilled the process of transmitting data down to its most
fundamental elements. They identified which networking
functions had related uses and collected those functions into
discrete groups that became the layers. Each layer defines a
family of functions distinct from those of the other layers. By
defining and localizing functionality in this fashion, the designers
created an architecture that is both comprehensive and flexible.
Most important, the OSI model allows complete transparency
between otherwise incompatible systems.

A mnemonic for remembering the layers of the OSI model is:

Please Do Not Touch Steve's Pet Alligator, (Physical, Data Link,
Network, Transport, Session, Presentation, Application).
Application Layer: Layer-7
This layer Consists of protocols that define specific user ‑oriented
applications such as e‑mail, file‑transfers, and virtual terminal.
Examples include FTAM (File Transfer, Access, and Management)
for remote A handling, X.400 (for e‑mail), and CMIP (Common
Management Information Protocol) for network management.

Presentation Layer: Layer –6

This layer provides for data formats, translations, and code
conversions. Concerned with syntax and semantics of data being
transmitted. Encodes messages in a format that is suitable for
electronic transmission. Data compression and encryption done at this
layer. Receives message from application layer, formats it, and passes
it to the session layer. In practice, this layer is usually incorporated
within the application layer.
Session Layer: Layer-5

This layer provides for coordination between communicating

processes between nodes. Responsible for enforcing the rules of
dialog (e.g., Does a connection permit W duplex or full‑duplex
communication?), synchronizing the flow of data, and
reestablishing a connection in the event a failure occurs.
Examples include AppleTalk Data Stream Protocol for reliable
data transfer between two nodes, NetBEUI (an extension of
NetBIOS), and Printer Access Protocol for accessing a
PostScript printer in an AppleTalk network. Uses the
presentation layer above it and the transport layer below it.
Transport Layer: Layer-4
Provides for error‑free delivery of data. Accepts data from the session
layer, partitions data into smaller packets if necessary, passes these
packets to the network layer, and ensures that packets arrive
completely and correctly at their destination. Examples involve
varying classes of the OSI Transfer Protocol‑TPx, where x = {0, 1, 2,
3, 4). Each class describes a specific level of service quality such
whether a transmission provides for error detection or correction, or if
the service is connection­oriented or connectionless.
Network Layer: Layer-3
Responsible for the end‑to‑end routing or switching of data to
establish a connection for the transparent delivery of data. Addresses
and resolves all inherent problems related to the transmission of data
between heterogeneous networks. Uses the transport layer above it
and the data link layer below it. Formatted messages are referred to as
packets.
Data Link Layer: Layer-2
This layer is responsible for the transfer of data between the
ends of a physical link. Provides for error detection, "framing"
and flow control. Resolves problems due to damaged, lost, or
duplicate frames. Formatted messages are referred to as frames
rather than packets.
Physical Layer: Layer-1
Responsible for transmitting raw bits over a link; it moves
energy. Accepts frames from the data link layer and translates
the bit stream into signal on the physical medium, which lies
below it. Concerned with issues such as the type of wire being
used, the type of connect (i.e., interface) used to connect a
device to the medium, and signaling scheme.
 Application(7)
Provides user‑application services and procedures
Presentation(6)
Structures data in a mutually agreed Application or
Service-Oriented
format; concerned with issues such as how to code
Layers
Soft- and format data; includes data encryption
ware Session (5)
Controls process communications; responsible for
segmenting, buffering, and synchronization
Transport (4) Delivery and
end‑to‑end control; responsible for partitioning Verification
and reassembling messages Services
 Network (3)
Provides routing services for transferring data
across the network; performs network
management, packet formatting
Data Link (2)
Communication
Hard- Organizes data into frames; provides flowor or Network-
ware initialization, flow control, link termination, Oriented Layers
and error control
Physical (1)
Transfers bits across link, defines physical
characteristics of media
Fig. The OSI layering process begins at the application layer of the source
machine, where a message is created by an application program. This message
moves down the layers until it reaches layer 3. Underlying layer 1 is the actual
physical Medium. Data are then transmitted across this Medium to the
receiving host, where the information works its way up through the layers. As
messages move down the layers, they are encapsulated with headers that are
germane to a specific layer. These headers are removed as the data are passed
upward through corresponding layers at the receiving host.
Fig. How layers work. Each layer "envelops" the data with its
protocol. Each layer has a corresponding layer on the remote
(destination) node, which is called a peer.
OSI Service Types
There are two different types of services OSI layers provide:
• Connection‑Oriented and Connectionless
Some layers also include multiplexing as an additional service, but
Ibis does not necessarily transcend all layers of the architecture.
Services are available at service access points (SAPs), with each
SAP having a corresponding address.
3. Connection‑Oriented Service
This type of service implies that prior to the transfer of data a
physical (and virtual) link is established between the sending and
receiving nodes. This link remains in effect for the duration of the
session. After the session is completed, the link is removed.
Characteristics of a connection‑oriented service include: wasted bandwidth,
because the link must remain established even during idle periods of a
transmission; a high potential for a hung network, since there is always a
possibility that a link will not be terminated; and (on the bright side)
guaranteed sequential arrival of packets at the destination node.
The telephone system is an example of connection ‑oriented service. You
establish a connection (you dial a number).
You transfer data over this circuit when the connection is made (you begin
talking when the receiver is picked up); communication occurs in the
proper sequence (words and sentences are received, in the correct order);
and you release the connection at the conclusion of the transfer (you hang
up the phone, which frees the circuit).
Note the issues of bandwidth wastage and a hung network. If a telephone
connection has been made but no one is talking, bandwidth is wasted
because the circuit is established but not being used.
2. Connectionless Service
This type of service differs from connection‑oriented service in that no
physical link is established between sending and receiving nodes prior to
data transmission. Instead, a message is partitioned into packets and
routed through the network. Each packet is independent of the other
packets that carry parts of the message and hence must carry a destination
address.
Packets also can arrive out of order.
Think of the post office as providing connectionless service. If you send
someone five separate letters numbered one through five, you must place
the recipient's address on each letter.
Once mailed, the letters do not necessarily follow exactly the same
delivery route, and it is possible for the recipient to receive the letters out
of sequence (e.g., letter three is received before letter two).
Connectionless service is also either reliable or unreliable.
Unreliable service requires acknowledgment of receipt of data from the
receiving node to the sending node. This is called a datagram service.
Reliable service requires an acknowledgment. This is called an
acknowledged datagram service. Using our post office metaphor, these
services compare with mailing a "regular" letter versus mailing a registered
letter with a return receipt request.
One of the best and most practical examples of these services is the
Internet. We illustrate the two services by sending a message across the
Internet. Prior to doing so, we need to provide a little addressing
methodology. To send a message from one node to another within the
Internet, three different addresses are needed.
The first address is the hardware address, which uniquely identifies each
node. Hardware addresses are provided by the data link layer.
The second address is the network address, which identifies the network to
which a node is connected. In TCP/IP, this is called an Internet address or
an IP (for Internet Protocol) address. Network addresses operate at the
network layer.
Each network node that is part of the Internet has a unique IP address.
(IP addresses do more than simply identify the network).
The third address is called the port address, which uniquely identifies
a specific user application such as e ‑mail. All network applications
have corresponding identifiers called port numbers.
To send a message from one node to another, a message is first
created at the application layer.
It undergoes whatever formatting is required as it works its way down
through the layers.
When the message reaches the network layer, a network address is
assigned to the message. This network address identifies the specific
network to which the destination host is connected. Depending on the
protocol, this service is either connectionless or connection ‑oriented.
For example, Telnet and SMTP are connection-oriented services. The
network layer determines the path the message must follow to reach
the destination node. It also encapsulates packets into IP datagrams
and passes them to the data link layer.
At the data link layer, the destination node's hardware, address is added to
the packet. This address uniquely identifies the location of the destination
node within the destination network. The data link layer, among other
tasks also formats the packet into frames, which are like packets but exist
at a lower level and checks the integrity bf each frame. Frames are then
passed to the physical layer, which places them on the medium for
transmission.
Fig. The OSI layering process begins at the application layer of the source
machine, where a message is created by an application program. This message
moves down the layers until it reaches layer 3. Underlying layer 1 is the actual
physical Medium. Data are then transmitted across this Medium to the
receiving host, where the information works its way up through the layers. As
messages move down the layers, they are encapsulated with headers that are
germane to a specific layer. These headers are removed as the data are passed
upward through corresponding layers at the receiving host.
Fig. How layers work. Each layer "envelops" the data with its
protocol. Each layer has a corresponding layer on the remote
(destination) node, which is called a peer.
Peer-to-Peer Processes

Within a single machine, each layer calls upon the services of the
layer just below it. Layer 3, for example, uses the services provided
by layer 2 and provides services for layer 4. Between machines,
layer x on one machine communicates with layer x on another
machine. This communication is governed by an agreed-upon
series of rules and conventions called protocols. The processes on
each machine that communicate at a given layer are called peer-to-
peer processes. Communication between machines is therefore a
peer-to-peer process using the protocols appropriate to a given
layer.

At the physical layer, communication is direct: Machine A sends a

stream of bits to machine B. At the higher layers, however,
communication must move down through the layers on machine A,
over to machine B, and then back up through the layers.
Each layer in the sending machine adds its own information to the
message it receives from the layer just above it and passes the
whole package to the layer just below it. This information is added
in the form of headers or trailers (control data appended to the
beginning or end of a data parcel). Headers are added to the
message at layers 6, 5, 4, 3, and 2. A trailer is added at layer 2.

Headers are added to the data at layers 6, 5, 4, 3, and 2. Trailers

are usually added only at layer 2.

At layer 1 the entire package is converted to a form that can be

transferred to the receiving machine. At the receiving machine, the
message is unwrapped layer by layer, with each process receiving
and removing the data meant for it. For example, layer 2 removes
the data meant for it, then passes the rest to layer 3. Layer 3
removes the data meant for it and passes the rest to layer 4, and so
on.
Interfaces between Layers

The passing of the data and network information down through

the layers of the sending machine and back up through the layers
of the receiving machine is made possible by an interface between
each pair of adjacent layers.

Each interface defines what information and services a layer must

provide for the layer above it. Well-defined interfaces and layer
functions provide modularity to a network.

As long as a layer still provides the expected services to the layer

above it, the specific implementation of its functions can be
modified or replaced without requiring changes to the
surrounding layers.
Organization of the Layers

The seven layers can be thought of as belonging to three subgroups.

Layers 1, 2, and 3—physical, data link, and network—are the
network support layers; they deal with the physical aspects of
moving data from one device to another (such as electrical
specifications, physical connections, physical addressing, and
transport timing and reliability). Layers 5, 6, and 7—session,
presentation, and application—can be thought of as the user
support layers; they allow interoperability among unrelated
software systems. Layer 4, the transport layer, links the two
subgroups and ensures that what the lower layers have transmitted
is in a form that the upper layers can use. The upper OSI layers are
almost always implemented in software; lower layers are a
combination of hardware and software, except for the physical
layer, which is mostly hardware.
In Figure 3.3, which gives an overall view of the OSI layers, L7 data
means the data unit at layer 7, L6 data means the data unit at layer
6, and so on.The process starts out at layer 7 (the application layer),
then moves from layer to layer in descending sequential order. At
each layer (except layers 7 and 1), a header is added to the data
unit. At layer 2, a trailer is added as well. When the formatted data
unit passes through the physical layer (layer 1), it is changed into an
electromagnetic signal and transported along a physical link.

Upon reaching its destination, the signal passes into layer 1 and is
transformed back into digital form. The data units then move back
up through the OSI layers. As each block of data reaches the next
higher layer, the headers and trailers attached to it at the
corresponding sending layer are removed, and actions appropriate
to that layer are taken. By the time it reaches layer 7, the message is
again in a form appropriate to the application and is made available
to the recipient.
Fig. 3-3 An exchange using the OSI model
Functions Of The Layers

Physical Layer

The physical layer coordinates the functions required to transmit a

bit stream over a physical medium. It deals with the mechanical and
electrical specifications of the primary connections, such as cables,
connectors, and signaling options that physically link two nodes on
a network.

This first layer receives a data unit from the second layer and puts it
into a format capable of being carried by a communications link. It
oversees the changing of a bit stream into electromagnetic signals,
and their transmission onto and across a medium (see Figure 3.4).
Fig. 3-4 Physical layer
This seemingly simple task requires a number of considerations:

• Line configuration. How can two or more devices be linked

physically? Are transmission lines to be shared or limited to use
between two devices? Is the line available or not?
• Data transmission mode. It does transmission flow one way or
both ways between two connected devices? Or does it alternate?
• Topology. How are network devices arranged? Do they pass data
directly to each other or through an intermediary? And by what
paths?
• Signals. What type of signals are useful for transmitting
information?
• Encoding. How are bits (Os and Is) to be represented by available
signaling systems? How are data represented by signals?
• Interface. What information must be shared between two closely
linked devices to enable and facilitate communication? What is the
most efficient way to communicate that information?
• Medium. What is the physical environment for the transmission of
data?
Data Link Layer

The data link layer is responsible for delivering data units (groups of
bits) from one station to the next without errors. It accepts a data
unit from the third layer and adds meaningful bits to the beginning
(header) and end (trailer) that contain addresses and other control
information. A data unit with this additional information is called a
frame (see Figure 3.5).

To get to its ultimate destination, a transmission may have to be

passed along by a number of intermediate stations, much as a letter
from California to Cornell University in Ithaca, New York, may first
go to New York City, from there to Syracuse, and from there to
Ithaca before finally arriving at Cornell. Data link frame headers
and trailers contain the information necessary to move a data unit
from one of these stations to the next (information such as the
physical address of the station passing along the data unit and that of
the next station to which the frame must go on the way to its final
destination).
Fig. 3-5 Data Link Layer
In addition, the data link layer is responsible for flow control and
error detection. Protocols in this layer regulate the right of a
device to transmit; how to keep transmissions from overwhelming
the receiver; and how to ensure that errors introduced during
transmission are corrected. To this end, headers and trailers also
carry information about synchronization (where one bit stops and
another starts), sequencing (what part of the overall transmission
is represented by a particular frame), and whether or not the last
frame arrived intact.

Headers and trailers at this level are added by the sending node,
then checked and interpreted by the receiving node. Once a
receiving node accepts a frame, it strips off the header and trailer
and passes the remaining data unit on to the network layer.
 Specific responsibilities of the data link layer include the
following:

• Node-to-node delivery. The data link layer is responsible for

node-to-node delivery.
• Addressing. Headers and trailers added at this layer include the
physical addresses of the most recent node and the next
intended node.
• Access control. When two or more devices are connected to the
same link, the data link layer protocols are necessary to
determine which device has control over the line at any given
time.
• Flow control. To avoid overwhelming the receiver, the data link
layer regulates the amount of data that can be transmitted at
one time. It adds identifying numbers to enable the receiving
node to control the ordering of the frames.
• Error handling. Data link layer protocols provide for data
recovery, usually by having the entire frame retransmitted.
• Synchronization. Headers contain bits to alert the receiving
station that a frame is arriving. In addition, these bits provide a
pattern to allow the receiver to synchronize its timing to that of
the transmission (to know the duration of each bit). Trailers
contain bits for error control and also bits that indicate the
frame has ended, and that anything to follow is either a new
frame or an idle channel.

When the standards were developed for local area networks, the
data link layer was subdivided into two sublayers: logical link
control (LLQ and media access control (MAC). This subdivision
allows for inconsistencies between the protocols of different
vendors.
Example 3.1

In Figure 3.6 a node with physical address 10 sends a frame to a

node with physical address 87. The two nodes are connected by a
link. At the data link level this frame contains physical (link)
addresses in the header. These are the only addresses needed. The
rest of the header contains other information needed at this level.
The trailer usually contains extra bits needed for error detection.

Network Layer

The network layer is responsible for the source -to- destination

delivery of a packet across multiple network links. Whereas the
data link layer oversees station-to-station (node-to-node) delivery,
the network layer ensures that each packet gets from its point of
origin to its final destination successfully and efficiently.
Fig. 3-6 Data link layer (Example 3.1)
To make such end-to-end delivery possible, the network layer
provides two related services: switching and routing. Switching
refers to temporary connections between physical links, resulting
in longer links for network transmission. A telephone
conversation is an example of a switched connection: two lines
are temporarily joined into a single dedicated link for the
duration of the conversation. In this case each packet is sent by
the same route to the destination.

Routing means selecting the best path for sending a packet from
one point to another when more than one path is available. In
this case, each packet may take a different route to the
destination, where the packets are collected and reassembled into
their original order. Routing considerations include speed, cost,
and the ability to change pathways in midtransmission.
Routing and switching require the addition of a header that
includes, among other information, the source and destination
addresses of the packet. These addresses are different from the
physical (node) addresses included in the data link header. Data
link addresses are of the current and next node only (the physical
addresses). They change as a frame moves from one node to the
next. Network layer addresses are those of the original source and
the final destination. They do not change during transmission and
are often called the logical addresses. The addition of the network
layer header is shown in Figure 3.7.
Fig. 3-7 Network layer
Specific responsibilities of the network include the following:

• Source-to-destination delivery. Moving a packet (best effort)

from its point of origin to its intended destination across
multiple network links,
• Logical addressing. Inclusion of the source and destination
addresses in the header.
• Routing. Deciding which of multiple paths a packet should
take.
• Address transformation. Interpreting logical addresses to find
their physical equivalents.
• Multiplexing. Using a single physical line to carry data between
many devices at the same time.
Example 3.2

Now imagine that in Figure 3.8 we want to send data from a node
with network address A and physical address 10, located on one
local area network, to a node with a network address P and physical
address 95, located on another local area network. Because the two
devices are located on different networks, we cannot use link
addresses only; the link addresses have only local jurisdiction. What
we need here are universal addresses that can pass through the
boundaries of local area networks. The network (logical) addresses
have this characteristic. The packet at the network layer contains
the logical addresses, which remain the same from the original
source to the final destination (A and P, respectively, in the figure).
They will not change when we go from network to network.
However, the physical addresses will change when the packet moves
from one network to another. The box with the R is a router
(internetwork device), which we will discuss in Chapter 15****.
Fig. 3-8 Network layer (Example 3.2)
Transport Layer

The transport layer is responsible for source-to-destination (end-to-

end) delivery of the entire message. Whereas the network layer
oversees end-to-end delivery of individual packets, it does not
recognize any relationship between those packets. It treats each one
independently, as though each piece belonged to a separate message,
whether or not it does. The transport layer, on the other hand,
ensures that the whole message arrives intact and in order,
overseeing both error control and flow control at the source-to-
destination level.

Computers often run several programs at the same time. For this
reason, source-to-destination delivery means delivery not only from
one computer to the next but also from a specific application on one
computer to a specific application on the other. The transport layer
header must therefore include a type of address called a service-
point address (also called a port address or socket address).
The network layer gets each packet to the correct computer; the
transport layer gets the entire message to the correct application
on that computer.

The transport layer header also contains sequence, or

segmentation, numbers. As the transport layer receives the
message to be sent from the session layer (layer 5), it divides it into
transmittable segments, indicating in the header the sequence of
the segments so that they can be reassembled upon receipt at the
destination. Figure 3.9 shows the relationship of the transport
layer to the network and session layers.

For added security, the transport layer may create a connection

between the two end ports. A connection is a single logical path
between the source and destination that is associated with all
packets in a message. Creating a connection involves three steps:
connection establishment, data transfer, and connection release.
Fig. 3-9 Transport layer
 By confining transmission of all packets to a single pathway, the
transport layer has more control over sequencing, flow, and
error detection and correction.

Specific responsibilities of the transport layer include the

following:
• End-to-end message delivery. Overseeing the transmission and
arrival of all packets of a message at the destination point.
• Service-point (port) addressing. Guaranteeing delivery of a
message to the appropriate application on a computer running
multiple applications.
• Segmentation and reassemble. Dividing a message into
transmittable segments, and marking each segment with a
sequence number. These numbers enable the transport layer to
reassemble the message correctly at the destination and to
identify and replace packets lost in transmission.
• Connection control. Deciding whether or not to send all packets
by a single path.
Example 3.3

Figure 3. 10 shows an example of a transport layer. Data coming

from the upper layers have service-point (port) addresses j and k (i
is the address of the sending application, and k is the address of the
receiving application). Since the data size is larger than the network
layer can handle, the data are split into two packets, each packet
retaining the service-point addresses (j and k). Then in the network
layer, network addresses (A and P) are added to each packet. The
packets may travel on different paths and arrive at the destination
either in order or out of order. The two packets are delivered to the
destination transport layer, which is responsible for removing the
network layer headers and combining the two pieces of data for
delivery to the upper layers.
Fig. 3-10 Transport layer (Example 3.3)
Session Layer

The session layer is the network dialog controller. It establishes,

maintains, and synchronizes the interaction between communicating
devices. It also ensures that each session closes appropriately rather
than shutting down abruptly and leaving the user hanging. For
example, imagine that a user wants to transfer a file of 200 pages.
What happens if the transfer is interrupted after only 52 pages?
When the problem is removed and the connection can be made
again, should the session be canceled and started all over from page
P Or should the large session be divided into sub-sessions (of, for
example, 10 pages each) so that a problem after page 52 results in
only the last two pages (51 and 52) being resent when the session is
restored? These issues are concerns of the session layer.
The session layer validates and establishes connections between
users. The data unit at this layer may carry the credentials of the host
seeking the connection, including password and log-in verification.
This is essential whenever a system allows remote access to files. The
session layer also controls the exchange of data: whether the
exchange occurs in both directions simultaneously or only one
direction at a time. If one way at a time, how should turns be taken?

Reliability at the session layer is created by dividing the session into

subsessions using checkpoints inserted into the stream. Checkpoints
allow a session to backtrack a certain distance without completely
starting over when problems occur (as in the file transfer example
above). Depending on the requirements of the specific transmission,
checkpoints can be either extremely important or ignored altogether.

The header for this layer includes control information such as the
type of the data unit being sent and synchronization point
information. The relationship of the session layer to the transport
and presentation layers is shown in Figure 3.13.
Fig. 3-11 Session layer
Specific responsibilities of the session layer include the following:

• Session management. Dividing a session into subsessions by the

introduction of checkpoints and separating long messages into
shorter units, called dialog units appropriate for transmission.
• Synchronization. Deciding in what order to pass the dialog
units to the transport layer, and where in the transmission to
require confirmation from the receiver.
• Dialog control. Deciding who sends, and when.
• Graceful close. Ensuring that the exchange has been completed
appropriately before the session closes.

Example 3.4

A computer needs to update a huge file (e.g. a database). The

session layer subdivides the tasks into different dialog units.
Presentation Layer

The presentation layer ensures interoperability among

communicating devices. Functions at this layer make it possible for
two computers to communicate even if their internal
representations of data differ (e.g., when one device uses one type
of code and the other uses another). It provides the necessary
translation of different control codes, character sets, graphics
characters, and so on to allow both devices to understand the same
transmission the same way.
The presentation layer is also responsible for the encryption and
decryption of data for security purposes and for the compression
and expansion of data when necessary for transmission efficiency.
Headers added at this layer include information on the type and
parameters of the transmission, and the length of the transmission.
Figure 3.12 shows the relationship between the presentation layer
and the application and session layers.
Fig. 3-12 Presentation layer
 Specific responsibilities of the presentation layer include the
following:

• Translation. Changing the format of a message from that used

by the sender into one mutually acceptable for transmission.
Then, at the destination, changing that format into the one
understood by the receiver.
• Encryption. Encryption and decryption of data for security
purposes.
• Compression. Compressing and decompressing data to make
transmission more efficient.
• Security. Validating passwords and log-in codes.

Example 3.5
The sending station uses an encryption algorithm (see Chapter
20****) to protect the data from eavesdropping. The encrypted
data are decrypted at the destination presentation layer before
being delivered to the application layer.
Application Layer

The application layer enables the user, whether human or software,

to access the network. It provides user interfaces and support for
services such as electronic mail, remote file access and transfer,
shared database management, and other types of distributed
information services.

The relationship of the application layer to the user and the

presentation layer is shown in Figure 3.13. Of the many application
services available, the figure shows only three,*X * 400 (message
handling services), X.500 (directory services), and FTAM (file
transfer.4nd access management). The user at this moment uses
X.400 to send an email message. Note that no headers or trailers are
added at this layer.
Fig. 3-13 Application layer
 Specific services provided by the application layer include the
following

• Network virtual terminal. A software version of a physical

terminal. A virtual terminal allows you to log on to a remote host.
To do so, the application creates a software emulation of a
terminal at the remote host. Your computer talks to the software
terminal, which in turn talks to the host, and vice versa. The
remote host believes it is communicating with one of its own
terminals and allows you to log on.
• File access, transfer, and management. Allows a user at a remote
computer to access files in another host (to make changes or read
data); to retrieve files from a remote computer for use in the local
computer; and to manage or control files in a remote computer at
that computer.
• Mail services. Provides the basis for electronic mail forwarding
and storage.
• Directory services. Provides distributed database sources and
access for global information about various objects and services.
Example 3.6

A user in Beijing, China, wants to send a large proprietary data file

to a station in Los Gatos, California. An application service such as
FTAM (file transfer and access management) can do the job.

Summary of Layer Functions

The functions of the seven layers are summarized in Figure 3.14.

Fig. 3-14 Summary of layer functions
Summary

• The International Standards Organization (ISO) has created a

seven-layer model called Open Systems Interconnection (OSI) to
facilitate the development of interactive systems.
• The physical layer coordinates the hardware and software
functions required to transmit a bit stream over a physical
medium. It deals with the mechanical and electrical
specifications of the primary connections.
• The data link layer is responsible for delivering frames from one
station to the next without errors. It provides error handling and
flow control between one station and the next.
• The network layer is responsible for the source-to-destination
delivery of a data packet. It handles switching and routing.
• The transport layer is responsible for source-to-destination (end-
to-end) delivery of the entire message from one application to
another.
• The session layer is the network dialog controller. It establishes,
maintains, and synchronizes the interaction between
communicating devices.
• The presentation layer ensures interoperability among
communicating devices. It provides the necessary translation of
different control codes, character sets, graphics characters, and
so on, to allow two devices to understand the same transmission
the same way.
• The application layer enables the user, whether human or
software, to access the network. It provides user interfaces and
support for services such as electronic mail, remote file access
and transfer, shared database management, and other types of
distributed information services.
 TCP/IP Protocols
3.0 Introduction
The transmission control protocol/internetworking protocol (TCP/IP) is a set of
protocols, or a protocol suite, that defines how all transmissions are exchanged
across the Internet. Named after its two most popular protocols, TCP/IP has
been in active use for almost 20 years and has demonstrated its effectiveness
on a worldwide scale.
3.1 Overview of TCP/IP
In 1969, a project was funded by the Advanced Research Project Agency
(ARPA). ARPA established a packet‑switching network of computers linked by
point‑to‑point leased lines called ARPANET that provided a basis for early
research into networking. The conventions developed by ARPA to specify how
individual computers could communicate across that network became TCP/IP.
As networking possibilities grew to include other types of links and devices,
ARPA adapted TCP/IP to the demands of the new technology, As involvement
in TCP/IP grew, the scope of ARPANET expanded until it became the
backbone of an internetwork today referred to as the Internet.
3.3.1 TCP/IP and the Internet
TCP/IP and the concept of internetworking developed together, each
shaping the growth of the other. We need to understand how TCP/IP
relates to the physical entity of any internet it serves.
An internet under TCP/IP operates like a single network connecting
many computers of any size and type. Internally, an internet (or, more
specifically, the Internet) is an interconnection of independent physical
networks (such as LANs) linked together by intemetworking devices.
Figure 3.1 shows the topology of a possible internet. In this example, the
letters A, B, C, and so on represent hosts. A host in TCP/IP is a computer.
The solid circles in the figure, numbered 1, 2, 3, and so on, are routers or
gateways. The larger ovals containing roman numerals (1, 11, 111, etc.)
represent separate physical networks.
To TCP/IP, the same internet appears quite differently (see again Figure
3.1). TCPAP considers all interconnected physical networks to be one huge
network. It considers all of the hosts to be connected to this larger logical
network rather than to their individual physical networks.
 Fig. 3.1 An Internet according to TCP/IP

3.3.2 TCP/IP and OSI

TCP was developed before OSI. Therefore, the layers in the TCP/IP
protocol do not match exactly with those in the OSI model. The TCP/IP
protocol is made of five layers: physical, data link, network, transport,
and application. The application layer in TCP/IP can be equated with the
combination of session, presentation, and application layers of the OSI
model.
At the transport layer, TCP/IP defines two protocols: TCP and UDP. At the
network layer, the main protocol defined by TCP/IP is IP, although there
are some other protocols that support data movement in this layer.
At the physical and data link layers, TCP/IP does not define any specific
protocol. It supports all of the standard and proprietary protocols. A
network in a TCP/IP internetwork can be a local area network (LAN), a
metropolitan area network (MAN), or a wide area network (WAN) as
shown in Fig. 3.2.
3.3.3 Encapsulation
Figure 3.2 also shows the encapsulation of data units at different layers of
the TCP/IP protocol suite. The data unit created at the application layer is
called a message. TCP or UDP creates a data unit that is called either a
segment or a user datagram. The IP layer in turn will create a data unit
called a datagram. The movement of the datagram across the Internet is the
responsibility of the TCPAP protocol.
 Fig. 3.2 TCP/IP and OSI Model

However, to be able to move physically from one network to another, the

datagram must be encapsulated in a frame in the data link layer of the
underlying network and finally transmitted as signals along the
transmission media.
3.2 Network Layer
At the network layer (or, more accurately, the internetwork layer),
TCP/IP supports the internetwork protocol (IP). IP, in turn, contains four
supporting protocols: ARP, RARP, ICMP, and IGMR Each of these
protocols is described in detail later in this chapter.
3.2.1 Internetwork Protocol (IP)
IP is the transmission mechanism used by the TCP/IP protocols. It is an
unreliable and connectionless datagram protocol ‑ a best ‑effort delivery
service. The term best‑effort means that IP provides no error checking or
tracking. IP assumes the unreliability of the underlying layers and does its
best to get a transmission through to its destination, but with no
guarantees. As we know, transmissions along physical networks can be
destroyed for a number of reasons. Noise can cause bit errors during
transmission across a medium; a congested router may discard a datagram
if it is unable to relay it before a time limit runs out; routing quirks can end
in looping and the ultimate destruction of a datagram; and disabled links
may leave no usable path to the destination.
If reliability is important, IP must be paired with a reliable protocol such
as TCP. An example of a more commonly understood best ‑effort delivery
service is the post office. The post office does its best to deliver the mail
but does not always succeed. If an unregistered letter is lost, it is up to the
sender or would‑be recipient to discover the loss and rectify the problem.
The post office itself does not keep track of every letter and cannot notify a
sender of loss or damage. An example of a situation similar to pairing IP
with a protocol that contains reliability functions is a self ‑addressed,
stamped postcard included in a letter mailed through the post office.
When the letter is delivered, the receiver mails the postcard back to the
sender to indicate success. If the sender never receives the postcard, he or
she assumes the letter was lost and sends out another copy.
IP transports data in packets called datagrams (described below), each of
which is transported separately. Datagrams may travel along different
routes and may arrive out of sequence or duplicated. IP does not keep
track of the routes and has no facility for reordering datagrams once they
arrive. Because it is a connectionless service, IP does not create virtual
circuits for delivery. There is no call setup to alert the receiver to an
incoming transmission.
The limited functionality of IP should not be considered a weakness,
however. IP provides bare­bones transmission functions that free the user to
add only those facilities necessary for a given application and thereby
allows for maximum efficiency.
3.2.3.1 Datagram
Packets in the IP layer are called datagrams. Figure 3.3 shows the IP
datagram format. A datagrarn is a variable‑length packet (up to 65,536
bytes) consisting of two parts: header and data. The header can be from 20
to 60 bytes and contains information essential to routing and delivery. It is
customary in TCPIP to show the header in four ‑byte sections. A brief
description of each field is in order.
• Version: The first field defines the version number of the IP. The current
version is 4 (IPv4), with a binary value of 0100.
• Header length (HLEN): The HLEN field defines the length of the
header in multiples of four bytes. The four bits can represent a number
between 0 and 15, which, when multiplied by 4, gives a maximum of 60
bytes.

Fig. 3.3 IP Datagram

• Service type: The service type field defines how the datagram should
be handled. It includes bits that define the priority of the datagram. It also
contains bits that specify the type of service the sender desires such as the
level of throughput, reliability, and delay.
• Total length: The total length field defines the total length of the IP
datagram. It is a two­byte field (16 bits) and can define up to 65,536 bytes.
• Identification: The identification field is used in fragmentation. A
datagram, when passing through different networks, may be divided into
fragments to match the network frame size. When this happens, each
fragment is identified with a sequence number in this field.
• Flags: The bits in the flags field deal with fragmentation (the datagrarn
can or cannot be fragmented; can be the first, middle, or last fragment;
etc.).
• Fragmentation offset: The fragmentation offset is a pointer that shows
the offset of the data in the original datagram (if it is fragmented).
• Time to live: The time to live field defines the number of hops a
datagram can travel before it is discarded. The source host, when it creates
the datagram, sets this field to an initial value. Then, as the datagram
travels through the Internet, router by router, each router decrements this
value by 3. If this value becomes 0 before the datagram reaches its final
destination, the datagrarn is discarded. This prevents a datagram from
going back and forth forever between routers.
• Protocol: The protocol field defines which upper‑layer protocol data are
encapsulated in the datagram (TCP, UDP, ICMP, etc.).
• Source address: The source address field is a four‑byte (32‑bit) Internet
address. It identifies the original source of the datagram.
• Destination address: The destination address field is a four‑byte
(32‑bit) Internet address. It identifies the final destination of the datagram.
• Options: The options field gives more functionality to the IP datagram. It
can carry fields that control routing, timing, management, and alignment.
3.2.3.2 Addressing
In addition to the physical addresses (contained on NICs) that identify
individual devices, the Internet requires an additional addressing
convention: an address that identifies the connection of a host to its network.
Each Internet address consists of four bytes (32 bits), defining three fields:
class type, netID, and hostID. These parts are of varying lengths, depending
on the class of the address (see Figure 3.4).

An Internet Address is made of four bytes (32 bits)

that define a host’s connection to a network.
Class Type NetID HostID

Figure 3.4 Internet Address

3.2.3.3 Classes
To accommodate the vast numbers of addresses required for global
interconnectivity, the class type fields vary in length. There are currently five
different field length patterns in use, each defining a class of address. The
different classes are designed to cover the needs of different types of
organizations.

Figure 3.5 Network Classes

For example, class A addresses are numerically the lowest. They use
only one byte to identify class type and netID, and leave three bytes
available for hostID numbers. This division means that class A
networks can accommodate far more hosts than can class B or class
C networks, which provide two‑ and one‑byte hotID fields
respectively. Currently both class A and class B are full. Addresses
are available in class C only.
Class D is reserved for multicast addresses. Multicasting allows
copies of a datagram to be passed to a select group of hosts rather
than to an individual host. It is similar to broadcasting, but, where
broadcasting requires that a packet be passed to all possible
destinations, multicasting allows transmission to a selected subset.
Class E addresses are reserved for future use. Figure 3.5 shows the
structure of each class of IP address.
To make the 32‑bit form shorter and easier to read, Internet addresses are
usually written in decimal form with decimal points separating the bytes.
Figure 3.6 shows the bit pattern and decimal formats of a possible address.

Fig. 3.6 IP Addresses in Decimal Notation

Looking at the first byte of an address in decimal form allows us to

determine at a glance to which class a particular address belongs (see
Figure 3.7).
3.2.3.3A Nodes with More Than One Address
As we have said, an internet address defines the node's connection to its
network. It follows, therefore, that any device connected to more than one
network (e.g., any router) must have more than one internet address. In
fact, a device has a different address for each network connected to it.
3.2.3.3B A Sample Internet
An internet address specifies both the network to which a host belongs
(netID) and the host itself (hostID). Figure 3.8 gives an example of an
internet made up of LANs (two Ethernets and a token ring are illustrated).
The addresses are all class B. Routers are indicated by circles containing Rs.
Gateways are indicated by boxes containing Gs. Each has a separate address
for each of its connected networks.

another computer is shown with

addresses on two networks. The
figure also shows the network
addresses in boldface. A network
address is the netID with the hostID
part set to Os. The three network
addresses in the figure are
129.8.0.0, 165.3.0.0, and
Fig. 3.7 Class Ranges
145.42.0.0. of Internet Addresses
Figure 23.8 Network and hosts addresses in a network
3.2.3.3C Other Protocols in the Network Layer
TCP/IP supports four more protocols in the network layer: ARP, RARP, and
lCMP.
3.2.3.3D Address Resolution Protocol (ARP)
The address resolution protocol (ARP) is used to associate an IP address with
the physical address. On a typical physical network, such as a LAN, each
device on a link is identified by a physical or station address usually imprinted
on the network interface card (NIC).
Physical addresses have local jurisdiction and can be changed easily. For
example, if the NIC on a particular machine fails, the physical address
changes. The IP addresses, on the other hand, have universal jurisdiction and
cannot be changed. ARP is used to find the physical address of the node when
its Internet address is known.
Anytime a host, or a router, needs to find the physical address of another host
on its network, it formats an ARP query packet that includes the IP address
and broadcasts it over the network (see Figure 3.9).
Figure 3.9 Address Resolution Protocol
Every host on the network receives and processes the ARP packet, but only the
intended recipient recognizes its internet address and sends back its physical
address. The host holding the datagram adds the address of the target host both
to its cache memory and to the datagram header, then sends the datagram on its
way.
3.2.3.3E Reverse Address Resolution Protocol (RARP)
The reverse address resolution protocol (RARP) allows a host to discover its
internet address when it knows only its physical address. The question here is,
Why do we need RARP? A host is supposed to have its internet address stored
on its hard disk!
Answer: True, true. But what if the host is a diskless computer? Or what if the
computer is being connected to the network for the first time (when it is being
booted)? Or what if you get a new computer but decide to keep the old NIC?
RARP works much like ARP. The host wishing to retrieve its internet address
broadcasts an RARP query packet that contains its physical address to every
host on its physical network. A server on the network recognizes the RARP
packet and returns the host’s internet address.
3.2.3.3F Internet Control Message Protocol (ICMP)
The internet control message protocol (ICMP) is a mechanism used by hosts
and gateways to send notification of datagram problems back to the sender.
As we saw above, IP is essentially an unreliable and connectionless protocol.
ICMP, however, allows IP to inform a sender if a datagram is undeliverable. A
datagram travels from gateway to gateway until it reaches one that can deliver
it to its final destination. If a gateway is unable to route or deliver the datagram
because of unusual conditions (disabled links, or the device is on fire) or
because of network congestion, ICMP allows it to inform the original source.
ICMP uses echo test/reply to test whether a destination is reachable and
responding. It also handles both control and error messages, but its sole
function is to report problems, not correct them. Responsibility for correction
lies with the sender.
Note that a datagram carries only the addresses of the original sender and the
final destination. It does not know the addresses of the previous router(s) that
passed it along. For this reason, ICMP can send messages only to the source,
not to an intermediate router.
3.3 Transport Layer
The transport layer is represented in TCPAP by two protocols: TCP and
UDR Of these, UDP is the simpler; it provides nonsequenced transport
functionality when reliability and security are less important than size
and speed. Most applications, however, require reliable end ‑to ‑end
delivery and so make use of TCP.
The IP delivers a datagram from a source host to a destination host,
making it a host‑to‑host protocol. Today's operating systems, however,
support multiuser and multiprocessing environments. An executing
program is called a process. A host receiving a datagram may be running
several different concurrent processes, any one of which is a possible
destination for the transmission. In fact, although we have been talking
about hosts sending messages to other hosts over a network, it is actually
a source process that is sending a message to a destination process.
The transport protocols of the TCPAP suite define a set of conceptual
connections to individual processes called protocol ports or, more simply,
ports. A protocol port is a destination point (usually a buffer) for storing
data for use by a particular process. The interface between processes and
their corresponding ports is provided by the operating system of the host.
The IP is a host‑to‑host protocol, meaning that it can deliver a packet from
one physical device to another. TCP/IP's transport level protocols are
port‑to‑port protocols that work on top of the IP protocols to deliver the
packet from the originating port to the IP services at the start of a
transmission, and from the IP services to the destination port at the end
(see Figure 3.10).
Each port is defined by 4 positive integer address carried in the header of a
transport layer packet. An IP datagram uses the host's 32 ‑bit internet
address. A frame at the transport level uses the process port address of 16
bits, enough to allow the support of up to 65,536 (00000 to 65536) ports.
transport level uses the process port address of 16 bits, enough to allow the
support of up to 65,536 (00000 to 65535) ports.
User Datagram Protocol (UDP)
The user datagram protocol (UDP) is the simpler of the two standard TCP/IP
transport protocols. It is an end‑to‑end transport level protocol that adds
only port addresses, checksurn error control, and length information to the
data from the upper layer. The packet produced by the UDP is called a user
datagram (see Figure 23.11). A brief description of fields is in order.
• Source port address: The source port address is the address of the
application program that has created the message.
• Destination port address. The destination port address is the address of
the application program that will receive the message.,
• Total length: The total length field defines the total length of the user
datagram in bytes.
• Checksurn: The checksurn is a 16‑bit field used in error detection.
UDP provides only the basic functions needed for end ‑to ‑end delivery of a
transmission. It does not provide any sequencing or reordering functions,
and cannot specify the damaged packet when reporting an error (for which it
must be paired with ICMP). UDP can discover that an error has occurred;
ICMP can then inform the sender that a user datagram has been damaged
and discarded. Neither, however, has the ability to specify which packet has
been lost. UDP contains only a checksum; it does not contain an ID or
sequencing number for a particular data segment.
Transmission Control Protocol (TCP)
The transmission control protocol (TCP) provides full transport layer
services to applications. TCP is a reliable stream transport port ‑to ‑port
protocol. The term stream, in this context, means connection ‑oriented: a
connection must be established between
both ends of a transmission before either may transmit data. By creating this
connection, TCP generates a virtual circuit between sender and receiver that
is active for the duration of a transmission. (Connections for the duration of
an entire exchange are different, and are handled by session functions in
individual applications.) TCP begins each transmission by alerting the
receiver that more datagrams are on their way (connection establishment)
and ends each transmission with a connection termination. In this way, the
receiver knows to expect the entire transmission rather than a single packet.
IP and UDP treat multiple datagrams belonging to a single transmission as
entirely separate units, unrelated to each other. The arrival of each datagram
at the destination is therefore a separate event, unexpected by the receiver.
TCP, on the other hand, is responsible for the reliable delivery of the entire
stream of bits contained in the data unit originally generated by the sending
application. Reliability is ensured by provision for error detection and
retransmission of damaged frames; all segments must be received and
acknowledged before the transmission is considered complete and the
virtual circuit is discarded.
At the sending end of each transmission, TCP divides long transmissions
into smaller data units and packages each into a frame called a segment.
Each segment includes a sequencing number for reordering after receipt,
together with an acknowledgment ID number and a window ‑size field for
sliding window ARQ. Segments are carried across network links inside of IP
datagrams. At the receiving end, TCP collects each datagram as it comes in
and reorders the transmission based on sequence numbers.
The TCP Segment
The scope of the services provided by TCP requires that the segment header
be extensive (see Figure 23.12). A comparison of the TCP segment format
with that of a UDP user datagram shows the differences between the two
protocols. TCP provides a comprehensive range of reliability functions but
sacrifices speed (connections must be established, acknowledgments waited
for, etc.). Because of its smaller frame size, UDP is much faster than TCP,
but at the expense of reliability. A brief description of each field is in order.
Source port address: The source port address defines the application
program in the source computer.
Destination port address: The destination port address defines the
application program in the destination computer.
Sequence number: A stream of data from the application program may be
divided into two or more TCP segments. The sequence number field shows
the position of the data in the original data stream.
Acknowledgment number: The 32‑bit acknowledgment number is used to
acknowledge the receipt of data from the other communicating device. This
number is valid only if the ACK bit in the control field (explained later) is
set. In this case, it defines the byte sequence number that is next expected.
Header length (HLEN). The four‑bit HLEN field indicates the number of
32‑bit (four‑byte) words in the TCP header. The four bits can define a
number up to 15. This is multiplied by 4 to give the total number of bytes in
the header. Therefore, the size of the header can be a maximum of 60 bytes
(4 x 15). Since the minimum required size of the header is 20 bytes, 40
bytes are thus available for the options section.
Reserved: A six‑bit field is reserved for future use.
Control: Each bit of the six‑bit control field functions individually and
indepeddently. A bit can either define the use of a segment or serve as a
validity check for other fields. The urgent bit, when set, validates the urgent
pointer field. Both this bit and the pointer indicate that the data in the
segment are urgent. The ACK bit, when set, validates the acknowledgment
number field. Both are used together and have different functions,
depending on the segment type. The PSH bit is used to inform the sender
that a higher throughput is needed. If possible, data must be pushed through
paths with higher throughput.The reset bit is used to reset the connection