Networking · Beginner Friendly

The OSI 7-Layer Model
— Explained Like You're 10

Forget textbook jargon. We'll use everyday analogies — the postal system, phone calls, and restaurants — to make all 7 layers actually click. Plus a mnemonic to never forget them.


What is the OSI Model?

When you open a website, a lot happens between your laptop and Google's server. The OSI model is just a way of breaking that "a lot" into 7 smaller jobs, with each job handled by a different "layer".

Think of it like a company

Imagine a company that ships packages. One person designs the box, another puts the item in it, someone else tapes it shut, another sticks the address label, another hands it to the courier, and finally a truck driver takes it on the road. Seven people, seven jobs, one parcel arrives.

The OSI model does the same thing for data travelling over a network. Each of its 7 layers does one job and passes the work to the next.

Why do you need to know it?

  • Every networking conversation uses this vocabulary — "L4 load balancer", "L7 firewall", "L3 routing".
  • When something breaks, the first question is: which layer? DNS? TCP? TLS? HTTP?
  • It's asked in almost every backend / SRE / DevOps interview.

Small heads-up

The real internet doesn't run OSI — it runs the simpler TCP/IP model (4 layers). But OSI is the language everyone speaks. So learn OSI, use its words.

How to Remember All 7 Layers

There are two classic sentences people use. Each word starts with the first letter of a layer.

⬇️ From Top to Bottom (L7 → L1)

All People Seem To Need Data Processing
  A → Application (7)
  P → Presentation (6)
  S → Session (5)
  T → Transport (4)
  N → Network (3)
  D → Data Link (2)
  P → Physical (1)

⬆️ From Bottom to Top (L1 → L7)

Please Do Not Throw Sausage Pizza Away
  P → Physical (1)
  D → Data Link (2)
  N → Network (3)
  T → Transport (4)
  S → Session (5)
  P → Presentation (6)
  A → Application (7)

Rule of thumb

Layer 1 is closest to the cable. Layer 7 is closest to you. Data travels down the layers on the sender, across the wire, then up the layers on the receiver.

All 7 Layers at a Glance

Each layer works with a specific chunk of data called a PDU (Protocol Data Unit) — just a fancy name for "what the chunk of data is called at this layer".

Layer | Name         | PDU                | Examples
7     | Application  | Data               | HTTP · DNS · SMTP · FTP · gRPC
6     | Presentation | Data               | TLS/SSL · JPEG · UTF-8 · JSON
5     | Session      | Data               | NetBIOS · RPC · SOCKS
4     | Transport    | Segment / Datagram | TCP · UDP · port numbers
3     | Network      | Packet             | IP · ICMP · Routers
2     | Data Link    | Frame              | Ethernet · MAC · Switches
1     | Physical     | Bit                | Cables · Wi-Fi · Hubs

Physical — The Wires and Radio Waves

The lowest layer. Its only job is to move raw 0s and 1s from one device to another, as electrical signals, light pulses, or radio waves.

L1 · Physical · PDU: Bit

Think of it as the road. It doesn't know what the trucks are carrying — it just has to be smooth enough that things can travel on it.

Everyday analogy: Your laptop's Wi-Fi card turning 1010... into radio waves is like you speaking out loud — you're just producing signals. What the signals mean is somebody else's problem.

  • Examples: Ethernet cable, fiber optic cable, Wi-Fi, Bluetooth, USB, coaxial TV cable
  • Devices: Cables, hubs, repeaters, Wi-Fi antennas, the radio chip in your phone
  • What it decides: What voltage = 1, what voltage = 0, how fast bits can flow, what connector shape to use
  • What it doesn't know: Anything about MAC, IP, or HTTP. It's the most clueless layer — on purpose.

Data Link — Talking to Your Neighbours

Layer 2 groups those raw bits into frames and delivers them between two devices that are directly connected — like your laptop and your home Wi-Fi router.

L2 · Data Link · PDU: Frame

It introduces the MAC address — a 12-character ID burnt into every network card at the factory. Think of it as a device's serial number. It never changes.

Everyday analogy: You shouting your cousin's name across the room so only they hear you. MAC addresses work the same way — they only matter in the same room (the local network). Once the message has to leave the building, they're useless.

  • Protocols: Ethernet, Wi-Fi (802.11), ARP, VLAN
  • Devices: Switches, Wi-Fi access points, network cards
  • Address it uses: MAC address like 00:1A:2B:3C:4D:5E — unique per device, never changes
  • Its range: Only the local network. A MAC address can't help data cross a router.

A frame is just bits with a wrapper:

┌──────────┬─────────┬─────────┬────────┬──────────┬─────┐
│ Preamble │ Dst MAC │ Src MAC │ Type   │ Payload  │ CRC │
└──────────┴─────────┴─────────┴────────┴──────────┴─────┘
  "hey!"     to        from      kind     actual    error
             whom?     whom?     of       content   check

Network — Finding Any House in the World

Layer 3 is how data gets from your home network to Google's data centre — across cities, countries, oceans. It uses IP addresses and a job called routing.

L3 · Network · PDU: Packet

If Layer 2 is "hand the package to your neighbour", Layer 3 is "ship the package to an address anywhere on Earth". Routers at each stop look at the destination IP and pick the next road to put the package on.

Everyday analogy: An IP address is like your home's postal address. The post office doesn't know your street personally — it just forwards the letter to the next sorting centre that does. Each router works the same way: "not mine, pass it to the next one closer".

  • Protocols: IPv4, IPv6, ICMP (used by ping), OSPF, BGP
  • Devices: Routers, L3 switches
  • Address it uses: IPv4 like 192.168.1.10, IPv6 like 2001:db8::1. Can change (e.g., when you connect to a new Wi-Fi).
  • Key limitation: Best-effort delivery — the packet might get lost, arrive late, or out of order. L3 just tries, no guarantees.

Transport — Delivering to the Right App

So the packet arrived at your laptop. But your laptop runs lots of apps — Chrome, Spotify, Slack. Which one gets it? That's Layer 4's job, using port numbers.

L4 · Transport · PDU: Segment (TCP) / Datagram (UDP)

Layer 4 also decides how data flows: does every byte need to arrive in order? Or is it OK to lose some? That's the TCP vs UDP choice.

Everyday analogy: If the IP address is your home's postal address, the port number is the apartment number. "Building 142 (IP), apartment 443 (HTTPS)". Without it, the mail carrier wouldn't know which apartment to knock on.

Feature     | TCP | UDP
Analogy     | Like a phone call — you confirm the other person is there before talking | Like a text message — send and hope it arrives
Reliability | Guaranteed — lost bits are re-sent | Not guaranteed — lost bits stay lost
Order       | Bytes arrive in order | No order guarantee
Speed       | Slower (more checks) | Fast (no checks)
Used for    | Web (HTTP/HTTPS), email, file transfer, SSH | Video calls, gaming, DNS, live streaming

  • Ports worth knowing: 22 SSH · 53 DNS · 80 HTTP · 443 HTTPS · 3306 MySQL · 6379 Redis · 27017 MongoDB
  • "L4 load balancer" means: A load balancer that spreads traffic by IP + port. Doesn't read URLs. Fast but less smart. (AWS NLB, HAProxy TCP)

Session — Starting and Ending Conversations

A session is one continuous conversation between two apps. This layer opens it, keeps track of it, and closes it when done.

L5 · Session · PDU: Data

If the network hiccups for a second, Layer 5 remembers where you were so you don't start from scratch — that's called checkpointing.

Everyday analogy: A phone call. You say "Hello" (session starts), chat for a while, and say "Bye" (session ends). If the call drops, you redial and continue from where you left off — that's what session state lets you do.

  • Examples: Logging into a database, an SSH session, a long file upload that can resume
  • Protocols: NetBIOS, RPC, SIP (used for VoIP calls), SMB
  • In real life: Modern apps (HTTP, gRPC) handle session stuff themselves with cookies / tokens / WebSocket connections.
  • Key idea: Checkpointing — pick up where you left off if the network blips.

Presentation — The Translator

Your computer and Google's server might store data in different formats. Layer 6 is the translator — plus it handles encryption (privacy) and compression (size).

L6 · Presentation · PDU: Data

Three jobs:

  • Translate — turn the app's data into a common format (UTF-8 text, JSON, Protobuf).
  • Encrypt — scramble the data so snoopers in the middle can't read it (TLS / SSL).
  • Compress — squeeze the data smaller so it moves faster (gzip, Brotli).

Everyday analogy: You're writing a letter in English to a friend in France. Layer 6 is the translator turning your words into French, sealing them in a tamper-proof envelope (encryption), and folding the paper to use a smaller envelope (compression).

  • Encryption: TLS / SSL — turns HTTP into HTTPS. Keeps passwords / credit cards safe from eavesdroppers.
  • Compression: gzip, Brotli — a 10 KB JSON response often becomes 2 KB on the wire.
  • Text encoding: UTF-8 (for emoji, Hindi, Chinese text), ASCII (old English-only format).
  • Image / media: JPEG, PNG, GIF, MP3 — these are all presentation formats.

Where does TLS actually sit?

Strictly by the book, TLS is Layer 6. In real life, people often say "TLS sits between L4 and L7". Both answers get accepted in interviews — the important part is that TLS encrypts before the data hits transport.

Application — What Your App Speaks

The top layer. This is where the protocols you already know live — HTTP for web, SMTP for email, DNS for looking up domain names.

L7 · Application · PDU: Data

It's the layer your code talks to every day. When you do fetch('https://api.example.com'), you're working at Layer 7. Everything below is invisible.

Everyday analogy: You walk into a restaurant and the waiter says "Welcome! What would you like?" That's Layer 7 — the friendly, human-facing conversation. You never see the kitchen (L6), the delivery truck that brought the ingredients (L3), or the farm they came from (L1).

  • Web & APIs: HTTP, HTTPS, HTTP/2, HTTP/3, WebSocket, gRPC, GraphQL
  • Email: SMTP (send), IMAP & POP3 (retrieve)
  • Files & remote access: FTP, SFTP, SSH, Telnet, RDP
  • Infra protocols: DNS (domain → IP lookup), DHCP (get an IP automatically), NTP (time sync)
  • L7 devices: API Gateways, L7 load balancers (AWS ALB, Nginx), Web Application Firewalls (WAFs)
  • Why "L7 routing" is useful: Only at L7 can you say "/api/users goes here, /api/orders goes there". L4 doesn't see URLs.
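
Added example (not from the original page): the L4 versus L7 difference above, written as two routing functions. Backend names and addresses are hypothetical. The L4 function only ever receives addresses and ports, while the L7 function needs readable HTTP bytes, which is why an L7 load balancer or WAF has to terminate TLS before it can route or filter.

```python
import hashlib

# Hypothetical backends, used only for this illustration.
L4_BACKENDS = ["10.0.0.11:8080", "10.0.0.12:8080"]
L7_ROUTES = {"/api/users": "users-svc", "/api/orders": "orders-svc"}

def l4_pick(src_ip, src_port, dst_ip, dst_port):
    """L4 decision: hash the addresses and ports. The payload is never seen."""
    key = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}".encode()
    index = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return L4_BACKENDS[index % len(L4_BACKENDS)]

def l7_pick(payload):
    """L7 decision: parse the HTTP/1.x request line and route on the path."""
    try:
        line = payload.split(b"\r\n", 1)[0].decode("ascii")
        _method, target, version = line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return None  # not readable HTTP, e.g. TLS bytes that were not decrypted
    if not version.startswith("HTTP/1."):
        return None
    path = target.split("?", 1)[0]  # ignore the query string when routing
    for prefix, backend in L7_ROUTES.items():
        # Match the prefix on a path-segment boundary, not as a raw substring.
        if path == prefix or path.startswith(prefix + "/"):
            return backend
    return "default-svc"

# Constructed sample inputs.
USERS_REQ = b"GET /api/users/42?x=1 HTTP/1.1\r\nHost: api.example.com\r\n\r\n"
ORDERS_REQ = b"POST /api/orders HTTP/1.1\r\nHost: api.example.com\r\n\r\n"
TLS_BYTES = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"  # start of a TLS record

if __name__ == "__main__":
    print("L4:", l4_pick("192.168.1.10", 51000, "203.0.113.5", 443))
    for sample in (USERS_REQ, ORDERS_REQ, TLS_BYTES):
        print("L7:", l7_pick(sample))
```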

The Postal Analogy — Putting It All Together

Here's the full journey: you're sending a photo to your friend via a web app. Each OSI layer is a step in packing and shipping it.

SENDING (your laptop)                     RECEIVING (friend's phone)
─────────────────────                     ────────────────────────
L7 Write the letter                   ◀── L7 Read the letter
   (your HTTP request)                       (see the photo)
L6 Translate + seal in envelope        ── L6 Open envelope, translate back
   (encrypt with TLS, compress)              (decrypt, decompress)
L5 Say "Dear friend, how are you"      ── L5 "Doing great, thanks!"
   (start a session)                         (continue the session)
L4 Write apartment number              ── L4 Deliver to the right apartment
   (TCP, port 443)                           (port 443 = Chrome)
L3 Write city + country on envelope    ── L3 Read destination address
   (IP address)                              (yep, that's me)
L2 Hand to your local mailman          ── L2 Local mailman drops it off
   (Ethernet frame to router)                (final building's mail room)
L1 Put in mail truck on the road       ── L1 Off the truck, in the bin
   (bits on the Wi-Fi / cable)               (bits back into the NIC)

By the time your 100-byte HTTP request hits the Wi-Fi, it's wrapped in TLS, TCP, IP, and Ethernet headers — about 220 bytes total. Each layer added its own "envelope" without touching what's inside.

One golden rule

Each layer only cares about its own envelope. Layer 3 routers have no idea what HTTP request is inside the packet — they just forward it. That's why separation of concerns makes the internet work.
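
Added example (not from the original page): the envelope idea and the frame layout from the Data Link section, built and then unwrapped byte by byte. Assumptions: plain HTTP on port 80 with no TLS layer, checksums left at zero, constructed addresses, and no preamble or CRC, since network hardware normally adds and strips those before software sees the frame.

```python
import socket
import struct

def mac(text):
    """'00:1A:2B:3C:4D:5E' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def encapsulate(data, sport, dport, src_ip, dst_ip, src_mac, dst_mac):
    """Wrap L7 data in minimal TCP, IPv4 and Ethernet II headers."""
    # L4 segment: ports, seq, ack, data offset (5 words), PSH+ACK, window.
    # Checksums are left at 0: the point here is layering, not validity.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + data
    # L3 packet: version 4 / IHL 5, total length, TTL 64, protocol 6 (TCP).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # L2 frame: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + ip + segment

def peel(frame):
    """Unwrap one layer at a time, reading only that layer's header."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not IPv4 carrying TCP")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    sport, dport = struct.unpack("!HH", segment[:4])
    tcp_len = (segment[12] >> 4) * 4          # TCP header length in bytes
    return {
        "l2": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":"), "header": 14},
        "l3": {"src": socket.inet_ntoa(packet[12:16]),
               "dst": socket.inet_ntoa(packet[16:20]), "header": ihl},
        "l4": {"sport": sport, "dport": dport, "header": tcp_len},
        "l7": segment[tcp_len:],
    }

# Constructed sample: addresses are illustrative, not captured traffic.
REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
FRAME = encapsulate(REQUEST, 51000, 80, "192.168.1.10", "203.0.113.5",
                    "00:1A:2B:3C:4D:5E", "02:00:00:00:00:01")

if __name__ == "__main__":
    layers = peel(FRAME)
    print(len(FRAME), "bytes on the wire for", len(layers["l7"]), "bytes of HTTP")
    print(layers)
```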

OSI vs TCP/IP — What the Internet Actually Uses

OSI has 7 layers. The real internet collapses them into 4. Same ideas, fewer boxes.

OSI Layer        | TCP/IP Layer | What Lives There
7 · Application  | Application  | HTTP, DNS, FTP, SMTP
6 · Presentation | Application  | TLS, JPEG, UTF-8
5 · Session      | Application  | Handled by the app itself (cookies, tokens)
4 · Transport    | Transport    | TCP, UDP, QUIC
3 · Network      | Internet     | IP, ICMP, ARP
2 · Data Link    | Link         | Ethernet, Wi-Fi
1 · Physical     | Link         | Cables, radio

Simple takeaway

TCP/IP says "L5, L6, L7 — that's all just the app's problem". Modern protocols like HTTPS already handle encryption (TLS), sessions (cookies), and translation (JSON) inside themselves, so separate layers aren't needed.

Interview Q&A

The most common OSI questions asked in interviews, with short, plain-English answers.

List all 7 layers of OSI, top to bottom.
Application → Presentation → Session → Transport → Network → Data Link → Physical. Remember with: All People Seem To Need Data Processing.
Difference between a switch, a router, and a hub?
Hub (L1) — dumb. Blasts every bit to every port. Nobody uses them any more. Switch (L2) — smart. Learns MAC addresses and sends data only to the right port. Router (L3) — connects different networks using IP addresses. Your home Wi-Fi box is usually both a switch and a router in one.
Which layer handles encryption?
Officially Layer 6 (Presentation) — that's where TLS / SSL lives. In real life people say "TLS sits between L4 and L7". Both answers work.
L4 vs L7 load balancer — what's the difference?
L4 LB — works with IP + port. Doesn't read URLs. Fast. Examples: AWS NLB, HAProxy in TCP mode. L7 LB — understands HTTP. Can route by URL / header / cookie. Slower but smarter. Examples: AWS ALB, Nginx, Envoy.
MAC address vs IP address?
MAC — your device's permanent ID, burnt into the network card at the factory. Only useful on the local network. IP — your device's current address on the internet. Changes when you move to a new Wi-Fi. MAC is who you are; IP is where you are right now.
Which layer does a firewall work at?
Depends on the type. Basic firewalls work at L3/L4 (block by IP + port). Stateful firewalls remember open connections. Web Application Firewalls (WAFs) work at L7 — they read HTTP requests and block stuff like SQL injection.
Why does the real internet use only 4 layers instead of 7?
Because L5, L6, and L7 do similar things and modern app protocols (HTTPS, gRPC) handle all three themselves. So TCP/IP just combines them into one "Application" layer. Simpler in practice.
When should I use UDP instead of TCP?
When speed matters more than reliability. Examples: video calls (a lost frame is fine, but a delay is awful), online gaming, DNS lookups, live streams. For anything where every byte must arrive (web pages, payments, file downloads), use TCP.
What happens at each layer when you type www.google.com?
L7: browser makes an HTTP GET. L6: TLS encrypts it. L5: session started with the server. L4: TCP wraps it, adds port 443, does the 3-way handshake. L3: IP wraps it with Google's IP + yours. L2: your Wi-Fi router wraps it in an Ethernet frame. L1: bits go out over Wi-Fi. The server unwraps in reverse order.
What is ARP and which layer is it at?
ARP (Address Resolution Protocol) is how your computer asks "hey, whoever has IP 192.168.1.1 — what's your MAC address?" It bridges L3 (IP) and L2 (MAC). Most books place it at L2; some at L3. Either is accepted.

One-Line Summary

OSI = 7 layers, each with one job: L1 moves bits, L2 delivers to your neighbour, L3 routes across the internet, L4 hands it to the right app, L5 runs the conversation, L6 translates & encrypts, L7 is what your app actually speaks.