Tuesday, September 29, 2009

Understanding the OSI Model

The International Organization for Standardization (ISO) began developing the Open Systems Interconnection (OSI) reference model in 1977. OSI has since become the most widely accepted model for understanding network communication; once you understand how the OSI model works, you can use it to compare network implementations on different systems.

When you want to communicate with another person, you need to have two things in common: a communication language and a communication medium. Computer networks are no different; for communication to take place on a network composed of a variety of different network devices, both the language and the medium must be clearly defined. The OSI model (and networking models developed by other organizations) attempts to define rules that cover both the generalities and the specifics of networks:
  • How network devices contact each other and, if they have different languages, how they communicate with each other
  • Methods by which a device on a network knows when to transmit data and when not to transmit it
  • Methods to ensure that network transmissions are received correctly and by the right recipient
  • How the physical transmission media are arranged and connected
  • How to ensure that network devices maintain a proper rate of data flow
  • How bits are represented on the network media
The OSI model isn’t a product. It’s just a conceptual framework you can use to better understand the complex interactions taking place among the various devices on a network. It doesn’t do anything in the communication process; appropriate software and hardware do the actual work. The OSI model simply defines which tasks need to be done and which protocols will handle those tasks at each of the seven layers of the model. The seven layers are as follows:
  • Application (layer 7)
  • Presentation (layer 6)
  • Session (layer 5)
  • Transport (layer 4)
  • Network (layer 3)
  • Data-Link (layer 2)
  • Physical (layer 1)

Protocol Stacks

The OSI model splits communication tasks into smaller pieces called subtasks. Protocol implementations are computer processes that handle these subtasks. Specific protocols fulfill subtasks at specific layers of the OSI model. When these protocols are grouped together to complete a whole task, the assemblage of code is called a protocol stack. The stack is just a group of protocols, arranged in layers, that implements an entire communication process. Each layer of the OSI model has a different protocol associated with it. When more than one protocol is needed to complete a communication process, the protocols are grouped together in a stack. An example of a protocol stack is TCP/IP, which is widely used by Unix and the Internet—the TCP and IP protocols are implemented at different OSI layers.


Each layer in the protocol stack receives services from the layer below it and provides services to the layer above it. It can be better explained like this: layer N uses the services of the layer below it (layer N – 1) and provides services to the layer above it (layer N + 1). For two computers to communicate, the same protocol stacks must be running on each computer. Each layer on both computers’ stacks must use compatible protocols in order for the machines to communicate with each other. The computers can have different operating systems and still be able to communicate if they are running the same protocol stacks. For example, a DOS machine running IP can communicate with a Macintosh machine running IP (see Figure 1.1).


When sending data, each layer in the OSI model places its own information onto the data as it passes down the stack in a process called encapsulation. Encapsulation takes place when each layer adds its own header and sometimes trailer information onto the data. When the data is received, it works its way back up the protocol stack, and the corresponding layer of the protocol stack reads this information.


The Physical Layer

The Physical layer is responsible for using electrical (or sometimes other types of) signaling to get bits from one computer to another. Physical layer components don’t care what the bits mean; their job is to get the bits from point A to point B, using whatever kind of optical, electrical, or wireless connection joins the points. This level defines physical and electrical details, such as what will represent a 1 or a 0, how many pins a network connector will have, and when the network adapter can or cannot transmit the data (see Figure 1.2).


The Physical layer addresses all the small details of the actual physical connection between the computer and the network medium, including the following:
  • Network connection types, including multipoint and point-to-point connections.
  • Physical topologies, or how the network is physically laid out (for example, bus, star, or ring).
  • The analog and digital signaling methods used to encode data onto the medium.
  • Bit synchronization, which deals with keeping the sender and receiver in sync as they read and write data.
  • Multiplexing, or the process of combining several data channels into one.
  • Termination, which prevents signals from reflecting back through the cable and causing signal and packet errors. It also indicates the last node in a network segment.

The Data-Link Layer

The Data-Link layer provides for the flow of data over a single physical link from one device to another. It accepts packets from the Network layer and packages the information into data units called frames; these frames are presented to the Physical layer for transmission. The Data-Link layer adds control information, such as the frame type, to the data being sent.

This layer also provides for the error-free transfer of frames from one computer to another. A cyclic redundancy check (CRC) added to the data frame can detect damaged frames, and the Data-Link layer in the receiving computer can request that the CRC information be present so that it can check incoming frames for errors. The Data-Link layer can also detect when frames are lost and request that those frames be sent again.

In broadcast networks such as Ethernet, all devices on the LAN receive the data that any device transmits. (Whether a network is broadcast or point-to-point is determined by the network protocols used to transmit data over it.) The Data-Link layer on a particular device is responsible for recognizing frames addressed to that device and throwing the rest away, much as you might sort through your daily mail to separate good stuff from junk. Figure 1.3 shows how the Data-Link layer establishes an error-free connection between two devices.

The Institute of Electrical and Electronics Engineers (IEEE) developed a protocol specification known as IEEE 802.X. (802.2 is the standard that divides this layer into two sublayers. The Media Access Control layer, more commonly called the MAC layer, varies depending on the network type and is described further in standards 802.3 through 802.5.) As part of that specification (which today we know as Ethernet), the Data-Link layer is split into two sublayers:
  • The Logical Link Control (LLC) layer establishes and maintains the logical communication links between the communicating devices.
  • The Media Access Control (MAC) layer acts like an airport control tower—it controls the way multiple devices share the same media channel in the same way that a control tower regulates the flow of air traffic into and out of an airport.
Figure 1.4 illustrates the division of the Data-Link layer into the LLC and MAC layers.
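As an added illustration (not code from the original post), here is a small Python model of the encapsulation described earlier and of the two Data-Link jobs covered in this section: each layer wraps the data it receives in its own header, the Data-Link layer appends a CRC trailer, and the receiving Data-Link layer discards frames that are addressed to another device or were damaged in transit. The MAC and IP addresses, port numbers and header layouts are constructed for the example and do not match any real protocol's formats.

```python
import struct
import zlib

# Constructed addresses for the two hosts in this example (not from the page).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
OTHER_MAC = bytes.fromhex("020000000099")
SRC_IP = bytes([10, 0, 0, 1])
DST_IP = bytes([10, 0, 0, 2])
MIN_FRAME = 6 + 6 + 8 + 4 + 4  # MACs + IPs + ports + CRC, zero-length payload

def transport_encapsulate(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Layer 4: prepend a segment header carrying the two port numbers,
    which is the upper-layer multiplexing the page describes."""
    return struct.pack("!HH", src_port, dst_port) + payload

def network_encapsulate(segment: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Layer 3: prepend the logical (IP-style) source and destination addresses."""
    return src_ip + dst_ip + segment

def datalink_encapsulate(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2: prepend the physical addresses as a header and append a CRC
    trailer computed over everything in front of it."""
    header = dst_mac + src_mac
    crc = zlib.crc32(header + packet)
    return header + packet + struct.pack("!I", crc)

def datalink_receive(frame: bytes, my_mac: bytes):
    """Layer 2 on the receiving side: discard frames not addressed to this
    device, detect damaged frames with the CRC, then strip header and trailer."""
    if len(frame) < MIN_FRAME:
        return None, "runt"
    if frame[:6] != my_mac:
        return None, "not for us"
    body, trailer = frame[:-4], frame[-4:]
    if zlib.crc32(body) != struct.unpack("!I", trailer)[0]:
        return None, "crc error"
    return body[12:], "ok"

def network_receive(packet: bytes):
    """Layer 3: split off the source and destination logical addresses."""
    return packet[:4], packet[4:8], packet[8:]

def transport_receive(segment: bytes):
    """Layer 4: split off the ports so the payload reaches the right program."""
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    return src_port, dst_port, segment[4:]

def send(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Walk the data down the stack: each layer wraps what the layer above made."""
    segment = transport_encapsulate(payload, src_port, dst_port)
    packet = network_encapsulate(segment, SRC_IP, DST_IP)
    return datalink_encapsulate(packet, SRC_MAC, DST_MAC)

def receive(frame: bytes, my_mac: bytes):
    """Walk a frame back up the stack; returns (fields, status)."""
    packet, status = datalink_receive(frame, my_mac)
    if packet is None:
        return None, status
    src_ip, dst_ip, segment = network_receive(packet)
    src_port, dst_port, payload = transport_receive(segment)
    return (src_ip, dst_ip, src_port, dst_port, payload), status

if __name__ == "__main__":
    frame = send(b"GET / HTTP/1.0\r\n", 49152, 80)
    print(receive(frame, DST_MAC))           # status "ok", fields recovered
    damaged = bytearray(frame)
    damaged[24] ^= 0x01                      # flip one bit in the first payload byte
    print(receive(bytes(damaged), DST_MAC))  # (None, "crc error")
    print(receive(frame, OTHER_MAC))         # (None, "not for us")
```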


The Network Layer

The Network layer handles moving packets between devices. It makes routing decisions and forwards packets as necessary to help them travel to their intended destination. In larger networks, there may be intermediate devices and subnetworks between any two end systems. The Network layer makes it possible for the Transport layer (and layers above it) to send packets without being concerned with whether the end system is on the same piece of network cable or on the other end of a large wide area network.

To do its job, the Network layer translates logical network addresses into physical machine addresses (MAC addresses, which operate at the Data-Link layer). The Network layer also determines the quality of service (such as the priority of the message) and the route a message will take if there are several ways a message can get to its destination.

The Network layer also may split large packets into smaller chunks if the packet is larger than the largest data frame the Data-Link layer will accept. The Network layer reassembles the chunks into packets at the receiving end.

Intermediate systems that perform only routing and relaying functions and do not provide an environment for executing user programs can implement just the first three OSI layers. Figure 1.5 shows how the Network layer moves packets across multiple links in a network.


The Network layer performs several important functions that enable data to arrive at its destination. The protocols at this layer may choose a specific route through an internetwork to avoid the excess traffic caused by sending data over networks and segments that don’t need access to it. The Network layer serves to support communications between logically separate networks. This layer is concerned with the following:
  • Addressing, including logical network addresses and service addresses
  • Circuit, message, and packet switching
  • Route discovery and route selection
  • Connection services, including Network layer flow control, Network layer error control, and packet sequence control
  • Gateway services

The Transport Layer

The Transport layer ensures that data is delivered error-free, in sequence, and with no losses or duplications. This layer also can break large messages from the Session layer into smaller segments to be handed down to the Network layer and sent to the destination computer; it then reassembles segments into messages to be presented to the Session layer. The Transport layer can send an acknowledgment to the originator for messages received (as in Figure 1.6). Most of these services are optional and are not required in the implementation of all Transport layer protocols. The one feature common to all protocols at the Transport layer is upper-layer protocol multiplexing, allowing multiple higher-layer protocol flows to operate simultaneously.

In terms of TCP/IP, this means you could, for example, navigate to a website and download a file at the same time.

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are examples of protocols that exist at the Transport layer.


The Session Layer

The Session layer allows applications on separate computers to share a connection called a session. This layer provides services that allow two programs to find each other and establish the communication link, such as name lookup and security. The Session layer also provides for data synchronization and checkpointing so that in the event of a network failure, only the data sent after the point of failure would need to be re-sent. This layer also controls the dialogue between two processes and determines who can transmit and who can receive at what point during the communication (see Figure 1.7).


NetBIOS, RPC, Named Pipes, PPTP, and SQL are examples of protocols on the Session layer.


The Presentation Layer

The Presentation layer translates data between the formats the network requires and the formats the computer expects. The Presentation layer performs protocol conversion; data translation, compression, and encryption; character set conversion; and the interpretation of graphics commands.

The network redirector, long a part of Windows networking, operates at this level. The redirector is what makes the files on a file server visible to the client computer. The network redirector also makes remote printers act as though they were attached to the local computer. Figure 1.8 shows the Presentation layer’s role in the protocol stack.

Graphic formats such as PICT, TIFF, and JPEG are examples of Presentation layer protocols.


The Application Layer

The Application layer is the topmost layer of the OSI model, and it provides services that directly support user applications, such as database access, email, and file transfers. It also allows applications to communicate with applications on other computers as though they were on the same computer. When a programmer writes an application that uses network services, this is the layer the application will access. For example, Internet Explorer uses the Application layer to make its requests for files and web pages; the Application layer then passes those requests down the stack, with each succeeding layer doing its job (as in Figure 1.9).

File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and others are examples of protocols at the Application layer.

Network Protocol Basics

Protocols are nothing more than an agreed-upon way for two objects (people, computers, home appliances, and so on) to exchange information. There are protocols at various levels in the OSI model. In fact, it is the protocols at a particular level in the OSI model that provide that level’s functionality. Protocols that work together at one or more layers of the OSI model are known as a protocol stack or protocol suite. The following sections explain how network protocols move data between machines.


How Protocols Work

A protocol is a set of basic steps two or more parties perform according to a predefined or agreed-upon set of standards. A good example of a protocol that follows some unwritten but largely agreed-upon standards is a telephone conversation. When one person places a phone call, they dial the number of another party. The person on the other end answers the phone and says something akin to “Hello,” at which point the calling party responds with a similar greeting. The conversation ensues from there. When the conversation is complete, each party (usually) ends the call with some parting words such as “Good-bye.” This telephone call followed a routine protocol:

1. Say “Hello.”
2. Converse.
3. Say “Good-bye.”

In the realm of computers, a protocol follows the same concept. A protocol is a set of predefined standards that both computers must perform in the right order. For instance, for one computer to send a message to another computer, the first computer must perform the steps given in the following general example:

1. Break the data into small sections called packets (or segments, or another name depending on the layer involved).
2. Add addressing information to the packets, identifying the destination computer.
3. Deliver the data to the network card for transmission over the network.

The receiving computer must perform these steps:

1. Accept the data from the network adapter card.
2. Remove the addressing information that was added by the transmitting computer.
3. Reassemble the packets of data into the original message.


Protocols and Binding

Many different protocol stacks can perform network functions, and many different types of network interface cards can be installed in a computer. A computer may have more than one card, and a computer may use more than one protocol stack at the same time.

The binding process is what links the protocol stack to the network device driver for the network interface adapter. Several protocols can be bound to the same card. In addition, one computer with several interface adapters—for instance, a server that must be able to communicate with both a local area network and a network backbone—can have the same protocol bound to two or more network cards.


Determining Connections

Communication between computers can be arranged in two ways:
  • Using connectionless protocols
  • Using connection-oriented protocols
It’s important to understand the differences between them because different Windows Server 2008 services use both types.


Connectionless Protocols

It might seem odd to talk about a connectionless protocol for networks, but you use at least two of them just about every day: radio and television. Connectionless systems assume that all data will get through, so the protocol doesn’t guarantee delivery or correct packet ordering. Think of shouting a message out of your window to someone walking by outside—there’s no guarantee that they’ll hear you, but it’s quick and easy. These optimistic assumptions mean that there’s no protocol overhead spent on these activities, so connectionless protocols tend to be fast. The User Datagram Protocol (UDP), which is part of the IP protocol suite, is an example of a connectionless Internet transport protocol. In fact, IP itself is connectionless, relying on upper-layer protocols such as TCP to provide the connection. The Domain Name System uses the UDP protocol.


Connection-Oriented Protocols

Connection-oriented systems work more like your telephone—you have to dial a number and establish a connection to the other end before you can send a message. Connection-oriented protocols pessimistically assume that some data will be lost or disordered in most transmissions. They guarantee that transmitted data will reach its destination in the proper sequence and that all data will get through. To accomplish this, connection-oriented protocols that also are considered reliable retain the transmitted data and negotiate for a retransmission when needed. Once all the needed data has arrived at the remote end, it can be reassembled into its proper sequence and passed to the higher-level protocols. This means that any application can depend on a connection-oriented transport to reliably deliver data exactly as it was transmitted. TCP is an example of a reliable connection-oriented Internet protocol. Frame Relay is an example of an unreliable connection-oriented protocol. Unreliable does not imply undependable. It just means that the protocol does not support the retransmission of lost or errored data.

For local area systems where data isn’t likely to be dropped, it makes sense to push serialization and guaranteed delivery up to higher-level protocols that are less efficient because they won’t be used often anyway. But in wide area networks like the Internet, it would simply take too much time for higher-level protocols to sort out what data had been sent and what was missing, so the transport protocol takes measures to guarantee that all the data gets through in order.
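As an added example (not part of the original text), the following Python simulation contrasts the two approaches over a constructed unreliable link that drops every third packet and reorders the rest: the connectionless sender transmits each chunk once and hands up whatever arrives, while the connection-oriented sender numbers each segment, retains the unacknowledged ones, retransmits them, and reassembles the message in sequence. The channel model, chunking and acknowledgment scheme are assumptions for the demonstration, not the actual mechanics of TCP or UDP.

```python
class LossyChannel:
    """Constructed stand-in for an unreliable link (not a real socket): drops
    every Nth packet it is handed and delivers the rest in reverse order."""

    def __init__(self, drop_every=3):
        self.drop_every = drop_every
        self.count = 0
        self.drops = 0

    def transmit(self, packets):
        delivered = []
        for p in packets:
            self.count += 1
            if self.count % self.drop_every == 0:
                self.drops += 1
            else:
                delivered.append(p)
        delivered.reverse()  # arrival order differs from send order
        return delivered


def split(message, size):
    """Break a message into fixed-size chunks, as the Transport layer does."""
    return [message[i:i + size] for i in range(0, len(message), size)]


def connectionless_send(channel, chunks):
    """UDP-style: each datagram is sent once with no sequence number and no
    acknowledgment. Whatever arrives is handed up, gaps and reordering included."""
    return b"".join(channel.transmit(list(chunks)))


def connection_oriented_send(channel, chunks, max_rounds=50):
    """TCP-style: number every segment, retain the unacknowledged ones, resend
    them until the far end has acknowledged all, then reassemble in sequence."""
    unacked = dict(enumerate(chunks))   # seq -> data still awaiting an ACK
    received = {}                       # receiver's reassembly buffer
    rounds = 0
    while unacked and rounds < max_rounds:
        rounds += 1
        for seq, data in channel.transmit(list(unacked.items())):
            received[seq] = data
        # ACKs cross the same unreliable link, so an ACK can be lost too;
        # a lost ACK only causes a harmless retransmission next round.
        for seq in channel.transmit(list(received)):
            unacked.pop(seq, None)
    if unacked:
        raise TimeoutError("gave up after %d rounds" % rounds)
    return b"".join(received[s] for s in sorted(received)), rounds


if __name__ == "__main__":
    message = b"ABCDEFGHIJ"
    # Connectionless: one chunk lost, the rest arrive reversed -> b'IJGHCDAB'
    print(connectionless_send(LossyChannel(3), split(message, 2)))
    # Connection-oriented: complete and in order after 2 rounds -> (b'ABCDEFGHIJ', 2)
    print(connection_oriented_send(LossyChannel(3), split(message, 2)))
```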

Windows Network Models

Windows Peer-to-Peer Network

In a Microsoft Windows peer-to-peer network (also referred to as a workgroup) all computers on the network are equal. All computers (also referred to as nodes) simultaneously act as both clients and servers. This is an advantage for small networks that have 12 or fewer users.

New Features of Windows Peer-to-Peer Network

Windows Vista includes the following enhancements to the Windows peer-to-peer network:
People Near Me: This new Windows Vista feature provides four important services:
  • Discovery of users on the same subnet
  • Ability to invite users to an application
  • Publication of objects
  • Contact management through the use of the Windows Address Book


Windows Peer-to-Peer Network Scenario

Imagine you are planning a network for a small real-estate office with five realtors. Should you set up a client/server-based network and spend money on a powerful machine, Windows Server 2008, client access licenses (CALs), and a consultant who knows how to set up a Microsoft Active Directory domain? Or should you set up a Microsoft Windows peer-to-peer network? With a peer-to-peer network, all Windows Vista or XP Professional machines can be linked with each other through a small hub, and all users can share resources across the network (see Figure 1.14).


A Microsoft Windows peer-to-peer model has some disadvantages. All data is stored on individual workstations, and the local workstation’s owner controls the security. Each user needing to log onto a machine in a peer-to-peer network must have a local username and password.

Returning to our example, let’s suppose the real-estate office grows to employ 12 realtors. Each realtor needs to be able to log onto any machine in the network:

12 users × 12 computers = 144 user accounts that need to be created


Windows Server 2008 Active Directory Network

IT departments for companies are responsible for maintaining the security of the company’s information. This involves planning for, implementing, and managing various network resources. Servers, workstations, and routers are common infrastructure devices that are used to connect users with the information they need to do their jobs. In all but the smallest environments, the effort required to manage each of these technological resources can be great.

That’s where Windows Server 2008 and Microsoft Active Directory come in. Active Directory is a data store that allows administrators to manage various types of information within a single distributed database. This is no small task, but many features of this directory services technology allow it to meet the needs of organizations that are small or large in size.

In its most basic definition, a directory is a repository that records information and makes it available to users. The overall design goal for Active Directory is to create a single centralized repository of information that administrators can work with to securely manage a company’s user accounts, security, applications, and more.

An Active Directory setup consists of one or more domains. A domain is a logical grouping of objects within your organization. Objects within a domain do not have to be physically located near each other.

Active Directory’s features include the following:

Hierarchical organization

Active Directory is based on a hierarchical layout. Through the use of various organizational components (or objects), a company can create a network management infrastructure and directory structure that mirrors the business organization. For example, if a company called Stellacon.com had several departments (such as sales and human resources), the directory services model could reflect this structure through the use of various objects within the directory (see Figure 1.15). Stellacon.com could then organize its users into the appropriate department containers.

The directory structure can efficiently accommodate the physical and logical aspects of information resources, such as access to other databases, user permissions, and computers. Active Directory also integrates with the network naming service, the DNS. The DNS provides for the hierarchical naming and location of resources throughout the company and on the public Internet.


Centralized data storage

All the information within Active Directory resides within a single, distributed data repository. Users and systems administrators can easily access the information they need wherever they may be within the company. This is one of the most important design goals of the directory service—to provide a secure and centralized location for all your data. The benefits of centralized data storage include reduced administrative requirements, less duplication, higher availability, and increased visibility and organization of data.


Ease of administration

To accommodate various business models, Active Directory can be configured for centralized or decentralized administration. This gives network and systems administrators the ability to delegate authority and responsibilities throughout the organization while still maintaining security. Administrators can make companywide changes with just a few mouse clicks.

Network security

Through the use of a single logon and various authentication and encryption mechanisms, Active Directory can facilitate security throughout an entire enterprise. Through the process of delegation, higher-level security authorities can grant permissions to other administrators. For ease of administration, objects in the Active Directory tree inherit permissions from their parent objects. Application developers can take advantage of many of these features to ensure that users are identified uniquely and securely. Network administrators can create and update permissions as needed from within a single repository, thereby reducing the chances of an inaccurate or outdated configuration.