OSI Layers

[Qacer]

I am curious about the layering principle used in networking applications. I've been hearing people throwing terms such as IP application or Ethernet application. I was trying to picture it, but somehow I still have some gaps.

I especially get confused when someone says "this application communicates via Layer 3" or "this application uses Layer 2 Ethernet." My confusion lies mainly in the OSI order. In my view, in order for Layer 3 transactions to occur it must go thru a Layer 2 exchange, so technically isn't "communicating via Layer 3" actually also doing so on Layer 2?

Also, when it says that an application uses Ethernet, then how does Layer 3 fit into this? Does the application message get encapsulated directly into an Ethernet frame (i.e. skipping layers)?

Thanks!

 

[Cogman]

For the first question, when someone says "This communicates on layer x" They mean that it doesn't communicate on a higher level. That means that, yes, it is going to go through the lower layers of the OSI model, however, it isn't using the higher layers. It would be redundant to say "This application communicates on layers 5, 4, 3, 2, 1 of the OSI model" every time you said that. Now, if someone says "This Application ONLY uses layer 3" Then they are full of crap (You can't escape layer 1 baby!)

AFAIK, there is no skipping levels, when you use level x, you use all levels below x.

And for the last question, If someone says "This application uses Ethernet" That is just as vague as saying "This device uses USB". Saying that you are using the Ethernet really doesn't mean a whole lot, other then to let you know something should be coming out of your network card.

http://en.wikipedia.org/wiki/OSI_model

A good read that pretty much explains everything.

 

[spikespiegal]

Or, more cynically stated, the OSI model is pretty much not understood by anybody who thinks installing a software firewall prevents malicious software from infecting your PC.

 

[her209]

Take for example an IP router. Its often referred to as a layer 3 device because it looks and only cares about the destination IP address. It doesn't care what the sending/receiving MAC address is nor does it care what transport method (TCP/UDP) is being used. A switch does the same thing but at layer 2. It doesn't care about IP address.

EDIT: I should add that there are such things as layer 3 switches, but trying to keep this simple.

 

[Qacer]

Let's say I have a simple LAN. It's a hub-and-spoke configuration. I also have an application running on all workstations. The application is like an IM messenger, but it functions like a global messaging system. Any messages that I send will be received by all the workstations. Using TCP/IP as my reference model, how does the message go thru the layers if I don't need IP functionality? If I write the application and I want to hard code a broadcast MAC address, how will a TCP/IP stack handle my application message?

 

[Mark R]

Originally posted by: Qacer
Using TCP/IP as my reference model, how does the message go thru the layers if I don't need IP functionality? If I write the application and I want to hard code a broadcast MAC address, how will a TCP/IP stack handle my application message?

If you use TCP/IP, then your application will prepare a TCP/IP stream or UDP/IP datagram and deliver it to the IP stack which is providing services at level 4.

The stack will internally prepare the IP packet (level 3), perform the ARP lookup (level 2), before handing over to your ethernet driver which performs the frame building (level 2 MAC sublevel), and finally to the ethernet hardware which transmits the signal over the wire (level 1).

If you don't need IP services, then you don't use the IP stack. Indeed, most implementations of IP (e.g. based upon the BSD distribution) don't provide low-level access (e.g, there's no application level access to things like MAC addresses - these are for internal use).

If you want to send to a specific MAC address, then you either need to use a network or data link level service that supports it (e.g. the now defunct IPX protocol), or the appropriate OS function for access to the ethernet MAC sublevel.

 

[BarkingGhostar]

For the first question, when someone says "This communicates on layer x" They mean that it doesn't communicate on a higher level. That means that, yes, it is going to go through the lower layers of the OSI model, however, it isn't using the higher layers. It would be redundant to say "This application communicates on layers 5, 4, 3, 2, 1 of the OSI model" every time you said that. Now, if someone says "This Application ONLY uses layer 3" Then they are full of crap (You can't escape layer 1 baby!)

AFAIK, there is no skipping levels, when you use level x, you use all levels below x.

And for the last question, If someone says "This application uses Ethernet" That is just as vague as saying "This device uses USB". Saying that you are using the Ethernet really doesn't mean a whole lot, other then to let you know something should be coming out of your network card.

http://en.wikipedia.org/wiki/OSI_model

A good read that pretty much explains everything.

Explain L2TP. What is happening on, say, Layer-4? Also, let's take the frame of reference of PPP as it is tunneled.

 

[Gargen]

Explain L2TP. What is happening on, say, Layer-4? Also, let's take the frame of reference of PPP as it is tunneled.

In this case, there are two "layer 4"s as there are essentially two stacks. You have the stack that the information is actually travelling across the network on and the separate stack that is inside the PPP that the application sees. From the outside (the actual network's perspective), it looks like a layer 5 protocol. From the inside (the application's perspective) it looks like a layer 2 protocol. Layer 4, on both ends, can be any protocol and works the same.

For example, lets say you have a VPN connection over your home internet connection to your work network (assuming your work network uses TCP/IP) and you are accessing your exchagne server.

Your outlook client/windows will build the entire stack, including all of the typical TCP/IP information as if it were connected directly to your work network, but instead of handing it off to internet connection at layer 2, it will hand it off to the PPP as layer 2. The PPP will then rebuild the stack (from layer 5 down) with the appropriate TCP/IP info to get your informaiton over your home internet conenction to your work PPP server. The server will then unpack the incoming stack to get the stack that was packaged up by outlook/windows on your home computer and send it off to the exchange server (remember that your home computer packaged it as if it were connected to your work network).

In both stacks, layer 4 (TCP/UDP) is used exactly the same as any other time.

 

[ScottMac]

The layering is just a method to standardize functionality such that a process at any level will know how and who to pass traffic to, and receive traffic from.

It permits coexistence of multiple protocols at most layers, and provides a way of determining which traffic goes to which process (software ports and sockets, for example).

Some layers can have sub-layers. For example, in a T1 connection through a carrier, there are many devices involved in getting the signal from one side of the cloud to the other, but the actual T1 signaling (pulses on copper) is layer one. It doesn't matter what the traffic is on the T1 (voice, channel signaling, HDLC, Frame Relay ...) the devices that move that T1 signal have their own layer-like strategy and protocols, and can be complex, but it's all still layer one (per OSI).

Layer two tends to be the first organization of the raw signaling. Layer two tends to speak in terms of "framing" or frames of traffic (Ethernet Frames, Token Ring Frames, Frame-Relay Frames, HDLC Frames ...). Layer two also gnenrally refers to "local" protocols ... or traffic within a specific basic domain (Ethernet uses Broadcast Domain)

Layer three provides methods for moving the traffic beyond the "local" and permits traffic passing from domain to domain (for IP, network to network, subnet to subnet, or between network and subnet). For example, NETBIOS/NETBEUI (the old LANMAN networking) was a layer two protocol ... there was no place in the frame to put a network address beyond the "local" domain. To overcome this limitation (once networking developed the need to go beyond the local segment), NETBIOS/NETBEUI was adapted (NbT) to use the TCP/IP suite to permit addressing beyond the local segment and out to "the world" using the layer three addressing capability of IP.

Layer four is generally describes as using "segments" of data ... a logical chunkification of the larger stream of data from the higher layers that also describes things like whether the transmission will be "reliable" connection-oriented (like TCP) or "unreliable" (like UDP) ... the difference being that TCP requires acknowledgment from the receiver and allows for re-transmission of missing chunks (that's the "reliable" part) and UDP just sends and forgets ... if traffic is lost there's no way to track it (at this layer, some of the suite applications, like TFTP, track the data chunks at a higher layer).

Layers five, six, and seven all deal with the formatting, presentation, and organization of the data, interact with the operator/user/controlling process/application.
Stuff like crypto, language and character sets, and high level control of the information flow happen at the higher layers.

If you want to really get into the nuts & bolts, check out the TCP/IP books by Doug Comer. Even though it's specific to TCP/IP, he covers the layers conceptually in-depth.
It's certainly one of, if not THE, best book (actually three, possible more by now) covering the topic.

Standard disclaimers apply: Some information may have been bent, folded, spindled, or mutilated to permit brevity and simplification. Protocol sacks and layers can get pretty complicated pretty quick.

Good Luck