Friday, September 9, 2016

Explaining A Secure Web Browser Session Through the OSI Networking Layer

(This is from my MBA Networking class project paper focusing on use case approach of looking at IT networking. I bolded key terms that should make this easier to look up terms.)

Let’s examine how the OSI 7 network layers work with a very popular internet application - the web browser! Pretend that you want to browse cnn.com in the Firefox browser. You are on a laptop that we can call a client. Starting from the top of the network stack, let's see how the layers work together to provide you with a web browser application.

Start with a (7) APPLICATION such as the Mozilla Firefox web browser visiting the Universal Resource Locator (URL) http://www.cnn.com, where a URL is a type of Universal Resource Identifier (URI). The Firefox browser knows that you are using Hypertext Transport Protocol (HTTP) because you prefaced the request with http, not another URI scheme such as FTP (ftp://ftp.synopsys.com) or FILE (file:///yourpc). Another application example is Spotify music streaming.

To ensure a secure web browsing connection, Hypertext Transport Protocol Secure (HTTPS) is used instead of HTTP. HTTPS uses Transport Layer Security (TLS) or the older Secure Socket Layer (SSL) to encrypt data between your browser and the web server. The data is encrypted using session keys (keys that expire after browsing is done). The encryption uses X.509 Public Key Infrastructure (PKI). Transport Layer Security (TLS) allows the client (your browser) and the server (the web server ... let's say BankOfBits) to talk to each other securely. Using X.509 Public Key Infrastructure, the client connects to the server first, and the server provides a certificate. The client checks that the server certificate is authentic by checking it against its own trusted roots (sources that can look at the server certificate and give the OK that it really is BankOfBits). Once the client knows that the server is genuine, the client creates a SESSION KEY, encrypts it using the server’s public key, then sends the encrypted session key to the server. The server uses its private key to decode the encrypted session key. The client then starts sending encrypted data using the session key, which the server decrypts with the same session key.
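The paragraph above describes RSA key transport: the server's certificate is signed by a trusted root, the client checks that signature, and then a client-chosen session key travels to the server encrypted under the server's public key. The script below is an added toy model of exactly that flow, not code from the original post and not how a real browser or TLS library is implemented. It assumes textbook RSA with 512-bit keys and no padding, a SHA-256 counter keystream and an HMAC tag as the "session key encryption", and a hypothetical root named BitsRootCA; all of that is for illustration only (modern TLS also derives session keys with ephemeral Diffie-Hellman rather than sending one encrypted). The useful part to watch is the check: a certificate whose signature does not verify under a trusted root, or whose subject is not the host the user asked for, is rejected before any key is sent.

```python
"""Toy model of the certificate check and session-key exchange (illustration only)."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full bit length
        if is_probable_prime(cand):
            return cand


def rsa_keypair(bits=512):
    """Toy RSA (no padding, small key): returns (public, private) as (exponent, modulus)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def cert_digest(cert):
    """Hash of the fields the root signs: subject name and server public key."""
    blob = f"{cert['subject']}|{cert['pubkey'][0]}|{cert['pubkey'][1]}".encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def issue_cert(subject, server_pub, issuer, issuer_priv):
    """The issuing root signs the digest with its private key."""
    cert = {"subject": subject, "pubkey": server_pub, "issuer": issuer}
    d, n = issuer_priv
    cert["sig"] = pow(cert_digest(cert), d, n)
    return cert


def verify_cert(cert, trusted_roots, expected_host):
    """Client check: issuer is one of our trusted roots, the signature verifies
    under that root's public key, and the subject is the host we asked for."""
    root_pub = trusted_roots.get(cert["issuer"])
    if root_pub is None or cert["subject"] != expected_host:
        return False
    e, n = root_pub
    return pow(cert["sig"], e, n) == cert_digest(cert)


def stream_crypt(key, direction, data):
    """XOR with a SHA-256 counter keystream; the direction label keeps the
    client->server and server->client keystreams distinct."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + direction + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key, direction, data):
    ct = stream_crypt(key, direction, data)
    return ct + hmac.new(key, direction + ct, "sha256").digest()   # encrypt-then-MAC


def unseal(key, direction, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, direction + ct, "sha256").digest(), tag):
        raise ValueError("record failed integrity check")
    return stream_crypt(key, direction, ct)


def handshake(cert, server_priv, trusted_roots, host, request):
    """Client steps then server steps; returns (accepted, reply as seen by the client)."""
    if not verify_cert(cert, trusted_roots, host):        # client rejects: no key is ever sent
        return False, None
    session_key = secrets.token_bytes(16)                  # client creates the session key
    e, n = cert["pubkey"]
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # encrypted with server public key
    d, n = server_priv
    server_key = pow(wrapped, d, n).to_bytes(16, "big")    # server recovers it with private key
    received = unseal(server_key, b"c2s", seal(session_key, b"c2s", request))
    reply = unseal(session_key, b"s2c", seal(server_key, b"s2c", b"200 OK: " + received))
    return True, reply
```

Run it by generating a root and a server key pair with rsa_keypair(), issuing a certificate for a hostname, and calling handshake() once with that certificate and once with a certificate signed by a key that is not in the trusted roots; only the first returns accepted.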

The (5) SESSION and (6) PRESENTATION layers are not germane to this discussion. Some of their functionality is, in practice, shifted into the APPLICATION layer (such as TLS/SSL).

The (4) TRANSPORT layer uses Transmission Control Protocol (TCP), which is a connection-based protocol (as opposed to User Datagram Protocol (UDP), a connectionless protocol). TCP is responsible for taking the application data and keeps trying until the data is sent reliably (CRC, checksum) and in order (flow control), or else reports that it could not be sent via the network layer. TCP keeps track of the packets sent, numbers them so that it can keep the packets in order on the receiving side, asks for a packet resend if packets are dropped, and checks that the packets are not corrupted (using checksum, hashing). UDP is simpler than TCP because it tracks neither the sequence of the packets nor whether they are corrupted. UDP is used for streaming music or video, where dropping some packets is acceptable. A TCP segment consists of a TCP header and a TCP payload. A TCP header contains information such as source port, destination port, and sequence number (to support the connection-based protocol). Many common services use fixed port numbers. For example, FTP uses port 20 or 21, Secure Shell (SSH) uses port 22, telnet uses port 23, and Simple Mail Transfer Protocol (SMTP) uses port 25. Newer services such as Spotify (streaming music) use port 4047, either TCP (connection) or UDP (connectionless). Port numbers will be relevant in the firewall section.

In the (3) NETWORK layer, the sending host uses Internet Protocol (IP) to try to forward the data by finding the best route to the next available server/hop. Internet Protocol Security (IPSec) is used to encrypt data at the IP/network layer. Once the next network node (forwarding address) is known, the data is broken down into little frames defined by the data link layer. The IP version dictates how many individual devices can be addressed. IPv4 uses 32-bit addresses, equating to about 4 billion addresses. That is not enough for the new age of IoT, so IPv6 was introduced, which has 128-bit addresses. An IP packet is comprised of a packet header and packet data. The packet header contains information such as source IP address, destination IP address, time-to-live, etc.
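The two paragraphs above list the fields of a TCP header (ports, sequence number, checksum) and an IP header (source and destination address, time-to-live). The script below is an added example, not code from the original post, that builds one constructed IPv4+TCP packet and parses both headers back out of raw bytes, verifying the checksums the way a receiving stack does. The addresses 203.0.113.10 and 192.0.2.20 are documentation ranges chosen for the sample. Two details worth noticing: the TCP checksum is computed over a pseudo-header containing the IP addresses, so it ties the segment to its endpoints, while the IPv4 header checksum covers only the header, so corrupting the payload leaves it valid and only the TCP check catches the damage.

```python
"""Parse IPv4 and TCP headers from raw bytes and verify their checksums (added example)."""
import struct

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


def internet_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; a valid block sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt):
    """Decode the fixed 20-byte IPv4 header; options (ihl > 20) are skipped, not decoded."""
    ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4, "total_length": total_len, "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "src_bytes": src, "dst_bytes": dst,
        "header_checksum_ok": internet_checksum(pkt[:ihl]) == 0,   # header only
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(segment, src_bytes, dst_bytes):
    """Decode the TCP header; the checksum covers pseudo-header + header + payload."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_off = (off_flags >> 12) * 4
    pseudo = src_bytes + dst_bytes + struct.pack("!BBH", 0, 6, len(segment))
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": window,
        "flags": {name for bit, name in TCP_FLAGS if off_flags & bit},
        "checksum_ok": internet_checksum(pseudo + segment) == 0,
        "payload": segment[data_off:],
    }


def build_packet(src, dst, sport, dport, seq, flags, payload):
    """Constructed sample packet with correct IPv4 and TCP checksums (no TCP options)."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    tcp_len = 20 + len(payload)
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0)
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, tcp_len)
    tcp_csum = internet_checksum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000, 64, 6, 0, src_b, dst_b)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", internet_checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + tcp_hdr + payload


if __name__ == "__main__":
    pkt = build_packet("203.0.113.10", "192.0.2.20", 51234, 443, 1000, 0x02, b"GET / HTTP/1.1\r\n")
    ip = parse_ipv4(pkt)
    print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], "ip-csum-ok", ip["header_checksum_ok"])
    print(parse_tcp(ip["payload"], ip["src_bytes"], ip["dst_bytes"]))
```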

The (2) DATA LINK layer serves two basic functions: Logical Link Control (LLC) and Media Access Control (MAC). In the LLC, data is encapsulated into Ethernet frames. Each Ethernet frame contains an SFD, source MAC address, destination MAC address, payload, FCS (frame check sequence), etc. The MAC is responsible for ensuring that the frames are sent and are correct (checksum), and controls access to the medium (CSMA/CD). The little frames of data are finally passed to the real world via the physical layer.
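To make the frame layout above concrete, here is an added example (not code from the original post) that builds a constructed Ethernet II frame with destination and source MAC addresses, an EtherType and a payload, appends the FCS, and parses a frame back while checking that FCS. It assumes the FCS is a CRC-32 transmitted least-significant byte first, which is what packet captures that retain the FCS show; the preamble and SFD are not included because the NIC strips them before the frame reaches software. A single flipped bit in the payload is enough for the FCS check to fail, which is the corruption the MAC sublayer is detecting.

```python
"""Build and parse an Ethernet II frame and verify its CRC-32 FCS (added example)."""
import struct
import zlib

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
MIN_BODY = 60          # 64-byte minimum frame size minus the 4-byte FCS


def mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload):
    """Constructed sample frame: header + payload, padded to the minimum size, then FCS."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_BODY - len(body))
    fcs = struct.pack("<I", zlib.crc32(body))   # assumption: CRC-32 sent LSB first
    return body + fcs


def parse_frame(frame):
    """Decode header fields and recompute the FCS over everything before it.
    Padding is left in the payload: only the upper layer (e.g. IP total length)
    knows where the real data ends."""
    if len(frame) < 18:
        raise ValueError("frame too short to hold a header and FCS")
    body, fcs = frame[:-4], frame[-4:]
    ethertype = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": mac_str(body[0:6]),
        "src": mac_str(body[6:12]),
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
        "payload": body[14:],
        "fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
    }


if __name__ == "__main__":
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"constructed IPv4 payload")
    print(parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01                         # flip one bit in the payload
    print("damaged fcs_ok:", parse_frame(bytes(damaged))["fcs_ok"])
```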

The (1) PHYSICAL layer can be wired (Ethernet, USB, optical, …) or wireless (Wifi, GSM, Bluetooth, …). Most of us are probably reading this over a Wifi wireless network using the IEEE 802.11g/n/ac protocol.
