OSI Model: 7 Layers

Цели урока

• Explain the purpose of each of the 7 OSI layers
• Understand encapsulation and decapsulation
• Name the correct PDU at each layer
• Use the OSI model as a systematic debugging framework

October 2021. Facebook goes dark for 6 hours - not just the website, but WhatsApp, Instagram, and the internal tools that control physical door access. Engineers cannot enter the buildings because the badge readers run on the same infrastructure. Root cause: BGP route withdrawals at L3 made the entire network unreachable from the outside. One routing layer failure. 3.5 billion users affected. The OSI model is the map that tells engineers which floor is on fire.

• **Incident triage**: "ping works but the site won't open" immediately rules out L1-L3. The problem lives at L4-L7 - that cuts the search space in half
• **Cloudflare Workers** operate at L7 - HTTP processing with no access to lower layers. This is why a Worker cannot see the real client IP behind CGNAT without special headers
• **Kubernetes CNI plugins** (Calico, Cilium, Flannel) solve L2/L3 routing between pods. Different CNIs operate at different OSI layers with different tradeoffs
• **Wireshark** - the primary network debugging tool - presents captured traffic as an OSI layer stack, collapsing and expanding each level
• **TLS/HTTPS** sits between L4 and L7: TCP connection at L4, HTTP at L7, encryption in between. An expired certificate is an L5-L6 problem, not an L3 routing failure

Charles Bachman and the birth of OSI

In 1977, Charles Bachman - inventor of the first database management system and a future Turing Award winner - led the ISO working group on network standards. The challenge was as political as it was technical: IBM, DEC, Honeywell, and Siemens were pulling in incompatible directions. Seven years of iteration produced the OSI model in 1984. The historical irony: OSI itself lost the competitive war to TCP/IP, which was simpler and already running on ARPANET. But OSI's terminology - 7 layers, PDU, encapsulation - became the industry's universal vocabulary for the next four decades.

Предварительные знания

• Why Networks Exist

Why the OSI model exists

The 1970s. Every manufacturer had its own protocols. IBM gear could not talk to DEC gear. DEC could not talk to Honeywell. A corporate network mixing two vendors was a guaranteed failure. ISO took on what looked like an impossible task: a single common language for all networked devices. The result arrived in 1984 - the **OSI model** (Open Systems Interconnection).

OSI is a **reference model**, not a specific technology. It describes "what should happen" rather than "how exactly to implement it". Real protocols (TCP/IP) deviate from it - and always have.

Each layer solves exactly one problem and provides a service to the layer above. The physical layer transmits bits. The data link layer delivers frames between neighbors. The network layer routes packets across the internet. Cloudflare Workers operate at L7. Cloudflare's anycast routing operates at L3. When Facebook's BGP routes vanished in October 2021 and a third of the internet disappeared for 6 hours - that was an L3 incident. Knowing which layer broke narrows the search space by a factor of seven.

Layer abstraction

The core idea of OSI is **separation of concerns**. Each layer operates without knowledge of the others' internals. It consumes services from the layer below and provides services to the layer above. This is the abstraction that lets a Kubernetes pod in a Google datacenter send data through 15 intermediate routers and a submarine cable - knowing nothing about any of them.

Abstraction makes **component replacement** possible without rewriting the entire stack. Ethernet swaps for Wi-Fi 6E - the application does not notice. Fiber swaps for 5G - the same. HTTP/3 replaces TCP with QUIC as the transport - browsers accept this transparently. This is what clean layer separation produces.

The analogy in software is an API: call `send(data)` and the mechanism of delivery is not the caller's concern. It might travel through fiber, a Starlink satellite link, or a corporate MPLS tunnel. The abstraction contains that complexity below the interface.

Data encapsulation

As data travels down the OSI layers, each layer **adds its own header**. This is **encapsulation** - wrapping data in envelopes carrying addresses and control metadata. On the receiving side, the reverse process - **decapsulation** - occurs: each layer strips its header and passes the payload upward until the application receives the original message.

Encapsulation is a one-way mirror at every boundary: each layer looks only at its own header. An Ethernet switch reads only the L2 MAC addresses - it never opens the IP packet, let alone the TCP segment. This is the same principle that makes VPN tunnels work: they add yet another encapsulation layer on top of an existing one, hiding the inner packet from intermediate routers.

Headers carry critical data: MAC addresses (L2), IP addresses (L3), port numbers (L4), checksums, control flags. Wireshark visualizes exactly this stack, one layer at a time. The overhead is real: on a 1500-byte Ethernet frame, at least 54 bytes are consumed by L2/L3/TCP headers alone before a single byte of application data appears.

PDU: data at each layer

At each OSI layer, data carries a different name. **PDU** (Protocol Data Unit) is the generic term for a chunk of data at a specific layer. Mixing up this terminology in a technical interview or a postmortem report is a reliable signal that the mental model is shallow.

PDU sizes are bounded. An Ethernet frame cannot exceed 1518 bytes (or 9000 for Jumbo Frames). If an IP packet exceeds the MTU, it fragments. This matters in production: cloud environments (AWS, GCP) frequently run into VXLAN tunnels with an effective MTU of 1450, breaking applications that assume 1500. MTU Path Discovery failure is one of the most common subtle networking bugs in containerized environments.

Key ideas

• **OSI model** - a 7-layer reference framework created by ISO in 1984 to standardize incompatible networks
• **Layer abstraction**: each layer sees only its neighbor's interface - which is why Wi-Fi can replace Ethernet without touching the browser
• **Encapsulation** - each layer prepends its header on send and strips it on receive
• **PDU terminology**: bits (L1), frames (L2), packets (L3), segments (L4) - this vocabulary is required for Wireshark, tcpdump, and engineering interviews
• **Real networks** use the 4-layer TCP/IP model, but OSI terminology remains the standard language for troubleshooting
• **MTU 1500 bytes** - the Ethernet frame limit that drives IP fragmentation and causes subtle bugs in cloud and container environments

What's next

The OSI model is the map. Next: a detailed walkthrough of each layer from the bottom up, starting where bits become signals:

• Physical Layer — L1 - how bits become electrical signals, light pulses, or radio waves
• Data Link Layer — L2 - MAC addresses, Ethernet switching, and movement within a segment
• TCP Basics — L4 - reliable delivery, the three-way handshake, and flow control

Вопросы для размышления

• If ping to a server works but the site won't open - which OSI layers could contain the problem?
• Why does replacing a network cable with Wi-Fi require no changes in the browser?
• How does understanding encapsulation help reason about how VPN tunnels work?

Связанные уроки

• net-01-intro — Core networking concepts and motivation for the stack
• net-03-physical — Physical layer is the first of seven - detailed breakdown next
• net-15-tcp-basics — TCP lives at the transport layer (L4) of OSI
• net-23-https-tls — TLS implements L5-L6 functions in a real-world stack
• alg-01-big-o — Layered abstraction - the same separation-of-concerns principle
• bt-02-osi-tcp