Using the ISO’s model to map a TCP/IP network

The Open Systems Interconnect (OSI) model is a theoretical framework the International Organization for Standardization (ISO) developed to organize networking functions into a series of layers. This model is important because it fosters modular protocol development and open systems (i.e., protocols from various sources that can communicate with each other for effective networking). Not every network uses all the model’s layers; ISO’s intent in creating the OSI model wasn't to describe every network but to give protocol designers a map to follow to aid in interoperable protocol design.

The OSI model doesn’t reflect a perfect division of networking functions; you can’t map existing protocols into the model and have those protocols fit neatly into each division. However, this model is useful for conceptualizing networking components—how the pieces of your system, from the cable through Network Neighborhood, fit together to help the computers on your network communicate.

So how does the OSI model relate to Windows NT network communications? In this article, I’ll review each level of the OSI model. Then, I’ll examine protocols you’re likely to encounter in NT networking and discuss where those protocols fit in the OSI model and how they cooperate to create a working NT network.

A Tour of the OSI Model
Starting from the bottom layer, the OSI model describes how the pieces of a network work together from the physical connections up to the applications. Figure 1 shows the OSI model. Information from each layer passes up to the next layer, so that a protocol operating at a given layer can access all the information the protocols operating below it collect or prepare. For example, you don’t have to tell a file-sharing protocol that the network runs on Category 5 cable.

Physical: Network Cable
The lowest common denominator in a network is the kind of cable it uses, such as copper, fiber, or wireless communications. The cable addresses the problem of how to get raw bits from point A to point B. The type of cable you use determines the top speed physically available on the network. However, the top speed can be logically limited, which is why Category 5 unshielded twisted pair works for both 10Mbps Ethernet and 100Mbps Ethernet. The type of cable also determines how far the network segment can extend before the signal wears out.

Data Link: Basic Network Communications
Networks use the data link layer to establish virtual channels between a sender and a recipient. At the data link level, the protocol packages the data into frames that contain source and destination addresses. These frames refer to the physical hardware address (i.e., the address burned into the network card, rather than the address the user assigns to the software) of each network card attached to the network cable. Ethernet, Token Ring, and ARCnet are examples of data link protocols.

If your network is a simple LAN, it’s probably running Ethernet as its data link protocol. Ethernet is a complex protocol that requires an in-depth description; however, to save space, I’ll outline only Ethernet’s basic characteristics:

  • Ethernet puts every frame on the shared medium, so every node on the segment receives it, but only the node whose hardware address matches the frame’s destination address accepts the transmission.
  • Only one node can transmit data at a time. Before beginning a transmission, a node listens to the network to ensure that it’s clear. If the network is clear, the node begins transmission. If the network is busy, the node waits a few microseconds, then listens again.
  • If two nodes try to transmit data at the same time, a collision occurs and each node stops, waits a predetermined period, then retries the transmission. The system randomly generates the length of the wait period so the chance of a second collision is reduced.

Ethernet isn’t the only data link protocol available for NT networks. If you’re running applications from an NT 4.0 Terminal Server Edition machine, your network uses either Terminal Server’s Remote Desktop Protocol (RDP) or Citrix MetaFrame’s Independent Computing Architecture (ICA) protocol. These protocols carry instructions for drawing the GUI from the application server down to the client, and carry user input from the client back up to the application server. The system encapsulates this data stream within whatever data link protocol your network uses; however, the network still relies on RDP or ICA for flow control and error checking.

If communication extends beyond the LAN onto the Internet, the network might use other data link protocols, such as Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP). NT supports both protocols, but PPP is the preferred protocol for online communication because it’s faster than SLIP, natively supports error correction, and is self-configuring.

PPP is a connection-oriented protocol that encapsulates multiple protocol packets so that all the packets can travel across the same link at the same time. PPP contains three parts: one part encapsulates the protocol into generic PPP packets with a header that identifies the network protocol type; a second part creates the connection; and a third part handles any special conditions unique to that protocol, such as resolving IP addresses to hardware addresses.

To create a PPP connection, both ends of the connection send each other link control packets to establish the link. After they establish a link, both ends handle authentication (e.g., a password) if required for that connection. When both ends have authenticated the connection, the appropriate network control protocol for the network-layer protocol type (e.g., IP or IPX) configures the PPP packets and opens the link. After the network control protocol opens the link, PPP carries packets to their destination until the network protocol closes the link.

Network: Address Mapping and Data Routing
ISO put network-layer protocols, such as IP and IPX, at the network level of the OSI model. In this layer, the network assigns software addresses and sends packets to those software addresses. The network also makes routing decisions at the network layer.

Mapping Physical Addresses to IP Addresses. Network-layer protocols use logical addresses, rather than the physical addresses the manufacturer burns into the network card. However, lower-level protocols such as Ethernet, Token Ring, ICA, and Fiber Distributed Data Interface (FDDI) use physical addresses to move information from point A to point B. How does the network reconcile these two addresses?

One option is for the systems administrator to maintain a static table of IP addresses and their related hardware addresses. However, updating and editing static lists is time-consuming: whenever you change an IP address, you have to update the list on each machine.

Another alternative is periodic broadcasts of logical and physical address mappings. This method permits dynamic updates, but contributes unnecessary network traffic.

A third alternative, which the authors of the IP-over-Ethernet standard strongly recommend, is dynamic discovery with the Address Resolution Protocol (ARP). Node A broadcasts an ARP Request packet asking which node holds a specific IP address. Node B, which holds that IP address, responds with an ARP Reply packet that contains Node B’s physical address. After Node A receives the reply, it adds the mapping to its ARP table. Node B also records Node A’s IP-to-Ethernet mapping from the request and adds it to its own ARP table. Thus, if Node B needs to communicate with Node A, Node B doesn’t need to send an ARP Request packet—it already has that information. ARP entries expire if a node doesn't use them, or when you reboot the machine. However, for frequently accessed addresses, the entries speed the process of resolving network layer addresses to data link layer addresses.
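As an added illustration (not code from the article), here is a small Python model of the exchange just described: building and parsing ARP Request and Reply frames in the IPv4-over-Ethernet layout, and a per-node ARP table that learns the sender's mapping from packets addressed to it and expires entries that go unused. The IP addresses, MAC values and the 120-second cache lifetime are constructed assumptions.

```python
import struct
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def mac_str(b): return ":".join("%02x" % x for x in b)
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (RFC 826 field layout)."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else mac_bytes(target_mac)  # requests are broadcast
    eth = struct.pack("!6s6sH", eth_dst, mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp

def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}

class ArpTable:
    """One node's ARP cache: learns from packets addressed to it, expires unused entries."""
    def __init__(self, my_ip, my_mac, ttl=120.0):   # ttl is a constructed assumption
        self.my_ip, self.my_mac, self.ttl = my_ip, my_mac, ttl
        self.entries = {}  # ip -> (mac, time last learned)
    def handle(self, frame, now):
        """Process a received frame; returns the ARP Reply to send, if one is due."""
        pkt = parse_arp(frame)
        if pkt is None or pkt["target_ip"] != self.my_ip:
            return None
        # Both a Request for us and a Reply to us carry the sender's mapping, so cache it.
        self.entries[pkt["sender_ip"]] = (pkt["sender_mac"], now)
        if pkt["op"] == ARP_REQUEST:
            return build_arp(ARP_REPLY, self.my_mac, self.my_ip, pkt["sender_mac"], pkt["sender_ip"])
        return None
    def lookup(self, ip, now):
        mac, seen = self.entries.get(ip, (None, 0.0))
        if mac is None or now - seen > self.ttl:
            self.entries.pop(ip, None)  # stale or unknown: the caller must send an ARP Request
            return None
        return mac
```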

Routing Data. IP is the portion of the TCP/IP suite of protocols that’s responsible for getting data from point A to point B on the network. This protocol doesn’t initiate action, but it's called on by a transport layer protocol such as TCP to send data, after an application-level operation prompts TCP.

As a network-layer protocol, IP’s main functions are assigning software addresses to datagrams and breaking down large datagrams for transport across networks that require small packets. Network-layer transmissions are completely connectionless—IP establishes no explicit connection between sender and recipient, and packets arrive at their destination in no particular order. The only error detection implemented at the network layer is a header checksum that’s part of the IP datagram. If the checksum value doesn’t match when an IP transmission is complete, the Internet Control Message Protocol (ICMP) reports the problem back to the sender so that the sender can order another transmission.
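To make the header checksum concrete, this added Python example (not from the article) computes the IPv4 header checksum the way RFC 791 defines it, builds a minimal header with the field filled in, and performs the receiver's integrity check, which a corrupted header fails. The addresses and the identification value are constructed.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented (RFC 791 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    version_ihl = (4 << 4) | 5              # IPv4, header length 5 x 32-bit words
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # tos=0, identification=0x1234 (constructed), flags/fragment offset=0, checksum=0 while computing
    hdr = struct.pack("!BBHHHBBH4s4s", version_ihl, 0, 20 + payload_len,
                      0x1234, 0, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def header_is_intact(packet: bytes) -> bool:
    """Receiver-side check: the checksum over a valid header, its own checksum field included, is 0."""
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return False
    return ipv4_checksum(packet[:ihl]) == 0
```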

IP addresses identify the node to which the network addresses a datagram and the segment of the network on which the node resides. The reason for this two-tiered design is simple: IP’s designers intended IP for use on WANs spread across the United States, and the designers couldn’t assume that an address was on the local segment. This two-tiered system means that the network can use the same addressing system for both local and remote addresses—the only difference is whether the network routes the datagrams.

Other protocols enable routers to determine the best path for data to take from point A to point B. Two of the protocols that NT supports are the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) protocol. RIP is mechanically simple: routers announce their current status to the other routers every 30 seconds. The network number and subnet mask identify routes to a given network. The router assumes routes are valid for as long as 180 seconds and stores these routes in a routing table. If the router doesn’t update a route for 6 of these 180-second periods, the router removes the route from the routing table. The routing table lists only one route to each network, so a lower-cost route (i.e., one with fewer hops or a shorter time) supersedes the existing one. To minimize network traffic, routers share their routing tables only with the routers next to them. This setup means routers several hops away from each other must wait for routing tables to trickle through their neighbors before the information reaches them. For example, Router 5 will eventually receive the contents of Router 10’s routing table, as the updates trickle down from Router 10’s network.
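The following Python model is an added example, not the article's code or NT's RIP implementation: a distance-vector routing table that merges neighbor announcements at hops-plus-one, lets a lower-cost route supersede the existing one, and ages unrefreshed routes using the 30-second and 180-second figures and the six-period removal rule stated above. Router names and network prefixes are constructed.

```python
INFINITY = 16                      # RIP's hop count meaning "unreachable"
UPDATE_INTERVAL = 30               # seconds between announcements to adjacent routers
ROUTE_TIMEOUT = 180                # a learned route stays valid this long without a refresh
REMOVE_AFTER = 6 * ROUTE_TIMEOUT   # unrefreshed for six such periods: route is removed

class DistanceVectorRouter:
    """Hop-count routing table maintained from neighbor announcements (constructed RIP-style model)."""
    def __init__(self, name, directly_connected):
        self.name = name
        # network -> [next_hop, hops, last_update]; directly connected networks never age out
        self.table = {net: [None, 0, None] for net in directly_connected}

    def receive_update(self, neighbor, announced, now):
        """Merge one neighbor's announcement; its hop count plus one is our cost via that neighbor."""
        for net, hops in announced.items():
            cost = min(hops + 1, INFINITY)
            cur = self.table.get(net)
            if cur is None:
                if cost < INFINITY:                 # newly learned, reachable network
                    self.table[net] = [neighbor, cost, now]
            elif cur[0] == neighbor:                # same next hop: accept its latest cost
                cur[1], cur[2] = cost, now
            elif cost < cur[1]:                     # a lower-cost route supersedes the existing one
                self.table[net] = [neighbor, cost, now]

    def expire(self, now):
        """Age learned routes: unreachable after ROUTE_TIMEOUT, dropped after REMOVE_AFTER."""
        for net, entry in list(self.table.items()):
            if entry[0] is None:
                continue
            age = now - entry[2]
            if age > REMOVE_AFTER:
                del self.table[net]
            elif age > ROUTE_TIMEOUT:
                entry[1] = INFINITY

    def announce(self):
        """What this router sends to adjacent routers every UPDATE_INTERVAL seconds: network -> hops."""
        return {net: entry[1] for net, entry in self.table.items()}

    def route(self, net):
        """Forwarding lookup: (next_hop, hops), where next_hop None means directly connected."""
        entry = self.table.get(net)
        if entry is None or entry[1] >= INFINITY:
            return None
        return entry[0], entry[1]
```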

OSPF announces itself with a Hello packet as each router on an internetwork starts, and at regular intervals thereafter. The routers one hop away hear this Hello and note the router’s presence. At intervals, each router announces its state to the other routers in the internetwork, which lets all the routers in the internetwork determine which routers are functioning and how busy they are.

The other routers take this router status and route table information and run algorithms on it to determine the lowest-cost path to a particular network. Network number and subnet mask identify this route. After the router determines the lowest-cost path, the router lists the router leading to that path in the routing table. If more than one valid path with the same metric is available, then the router will use all available paths, distributing traffic among them to even out network use. This setup contrasts with RIP, which maintains only one path from each source to each destination. To keep from monopolizing network bandwidth, routers using OSPF share their routing tables with only the routers adjacent to them, but share their state with the entire internetwork.

Transport: Managing Application to Network Communication
Network-layer protocols such as IP and IPX decide which route is most efficient at any given time, but these protocols aren’t concerned with making sure that the data reaches its destination. That job is the responsibility of protocols operating at the transport layer. At this layer of the OSI model, the network corrects errors and resends data. Transport-layer protocols are most important when the network’s physical structure (e.g., WANs) isn’t dependable.

TCP operates mainly at the transport layer but has some session-layer properties. TCP acts as a go-between for applications and the network-layer protocol. As with other transport-layer protocols, TCP’s function is error correction for the network-layer protocols. This responsibility includes ordering resends of IP datagrams when timeouts or other errors keep the original datagrams from being delivered. TCP doesn’t package and send data; it handles interprocess communications so that IP datagrams have error control. The network sends TCP packets within IP datagrams.

UDP operates at the transport layer and is another important part of the TCP/IP suite. The network uses UDP for program-to-program communication and supports applications such as NetBIOS name resolution. Like TCP, UDP depends on IP.

Session: Identifying and Connecting to Network Resources
Protocols at the session layer are responsible for communication between systems, such as remote procedure calls (RPCs), printer errors, and NetBIOS information. When hardware needs to speak with remote hardware, it communicates with a session-layer protocol.

NetBIOS is the standard API for services such as locating resources on the network, establishing connections, sending and receiving data, and breaking connections. NetBEUI, which is an extended set of NetBIOS commands with networking support built in, supports NetBIOS natively. However, to access NetBIOS services, TCP/IP requires a special protocol called NetBIOS over TCP/IP (NBT). The lower-level transport-layer protocols (i.e., UDP and TCP) support NBT.

By setting up a session-layer messaging system for communication between client and server, NetBIOS communications use Server Message Blocks (SMBs) to enable file-and-print sharing over Microsoft networks. The redirector, operating at the application level, sits between application data requests and the OS to determine whether these requests apply to data available locally or to network-accessible resources. SMBs don’t transport data but are responsible for passing messages between client and server, so they can run atop any supported transport protocol: TCP/IP, NetBEUI, and the Microsoft implementations of IPX and SPX work with SMB-based messaging.

NT uses an upgraded version of SMB called the Common Internet File System (CIFS), which Microsoft based on SMB. CIFS works in the same way as SMB and has many of the same functions, with a few enhancements. For example, rather than resolving to NetBIOS names, CIFS can use Domain Name System (DNS) name resolution. Microsoft designed CIFS to be more secure than standard SMB: CIFS requires that a server authenticate access before contact is made.

Presentation and Application
Presentation protocols ensure that the data the network passes between systems is in a form that the recipient can understand. Compression, decompression, encryption, and decryption take place at this level. Presentation refers to the manner in which the system presents the data, rather than how the interface looks.

Application-layer protocols are responsible for all communication between user applications running on two separate machines, such as when you open a file on a file server or run an application from an application server. Client/server applications such as email operate at this layer.

A Final Map
Pull together each layer as I’ve discussed in this article, and you’ve created an OSI model applied to a TCP/IP network with thin-client networking capability and a connection to the Internet. Data transfer takes place on the physical level; so to send data, each layer passes information to the layer below it, and to receive data, each layer passes information to the layer above it.