What the OSI model actually is
The OSI model — short for Open Systems Interconnection — is a conceptual framework that breaks networking into seven stacked layers, each responsible for one slice of the job of getting data from one machine to another. It was standardized by the International Organization for Standardization in the 1980s as a vendor-neutral reference so that people building and describing networks would have a shared vocabulary.
The single most important thing to understand up front: the OSI model is a reference model, not a literal description of how real network software is built. Nobody ships an operating system with seven neatly separated modules that map one-to-one onto these layers. The internet actually runs on the leaner TCP/IP model, which collapses OSI's seven layers into roughly four. The OSI model survives because it is an excellent teaching tool and, above all, an excellent troubleshooting tool — it gives engineers a precise way to say where in the stack something is going wrong.
The layers are numbered 1 through 7 from the bottom up. Data from an application travels down the stack on the sending machine — each layer wrapping the data from the layer above in its own header — across the wire, and back up the stack on the receiving machine, with each layer stripping off its own header. Let us walk through them from the bottom.
Layer 1 — Physical
The Physical layer is where networking meets the real, physical world. Its job is to move raw bits — ones and zeros — across a medium. It defines things like voltage levels on a copper wire, pulses of light in a fibre-optic cable, radio frequencies for Wi-Fi, connector shapes, and pin layouts. It has no concept of an address, a message, or where the data is going; it just turns bits into signals and signals back into bits.
Concrete examples: an Ethernet cable and the RJ45 port it plugs into, a fibre strand, the radio waves carrying Wi-Fi or 5G, a network interface card's transceiver. When you unplug a cable or walk out of Wi-Fi range, you have created a Layer 1 problem.
Layer 2 — Data Link
The Data Link layer organizes raw bits into structured chunks called frames and moves them between two directly connected devices on the same local network. It adds hardware addressing so that on a shared medium — say, everyone plugged into the same switch — each device knows which frames are meant for it. Those hardware addresses are MAC addresses, burned into every network interface.
This is the layer of Ethernet and Wi-Fi themselves, and of the network switch, which forwards frames based on MAC addresses. The Data Link layer also handles basic error detection so a corrupted frame can be spotted and dropped. Crucially, it only concerns itself with the local hop — getting a frame from your laptop to the switch, or from the switch to the router. It has no idea how to reach a machine on the other side of the world; that is the next layer's job.
Layer 3 — Network
The Network layer is where data learns how to travel across multiple networks to reach a destination anywhere on the internet. It bundles data into packets and gives every machine a logical address that works globally: the IP address. Where a MAC address identifies a device on the local link, an IP address identifies it across the whole internet.
The signature Layer 3 activity is routing: routers read the destination IP on each packet and forward it hop by hop toward its destination, choosing a path across the maze of interconnected networks. The Internet Protocol (IP) itself lives here, in both its IPv4 and IPv6 forms. When people say something is “a layer-3 problem,” they usually mean an IP addressing or routing issue — the packets are not finding their way to the right network.
Layer 4 — Transport
The Transport layer manages the end-to-end delivery of data between two applications, splitting it into segments and reassembling them in the right order at the other end. This is the home of the two workhorse protocols of the internet: TCP and UDP. TCP provides a reliable, ordered, connection-oriented stream — it retransmits lost data and guarantees order, at the cost of some overhead. UDP is lightweight and connectionless — fire and forget, ideal for live video, voice, and games where speed matters more than perfect delivery.
The Transport layer also introduces ports: numbers that let a single machine run many network services at once and keep their traffic separate. Port 443 is HTTPS, port 25 is email, port 53 is DNS. The combination of an IP address and a port is what pins down one specific conversation between two programs.
Layer 5 — Session
The Session layer is responsible for opening, managing, and closing the ongoing sessions — dialogues — between two applications. It handles setting up a conversation, keeping it coordinated while it runs, and tearing it down cleanly when it is finished, including things like checkpointing a long transfer so it can resume rather than restart. In the real TCP/IP world, most of what OSI calls the Session layer is handled inside applications or by the transport layer itself, which is one reason Layers 5 and 6 feel the fuzziest in practice.
Examples usually cited for this layer include the mechanics of authenticated logins that persist across a series of requests, and remote-procedure-call frameworks that keep a caller and a service in step.
Layer 6 — Presentation
The Presentation layer deals with how data is represented — translating between the raw bytes on the wire and the structured data an application expects. Its responsibilities are character encoding (turning text into bytes and back, such as UTF-8), data serialization formats, compression, and encryption.
This is the layer people most often point to when placing TLS — the encryption behind HTTPS — because TLS transforms application data into an encrypted form. But this is exactly where the model gets messy: TLS actually runs on top of TCP (Layer 4), is negotiated by Layer 7 applications, and does not sit in a tidy Layer 6 box. Treat “TLS is around Layer 6” as a useful approximation, not a hard fact.
Layer 7 — Application
The Application layer is the top of the stack — the layer closest to the user, and the one that actual programs speak. It is not the application itself (your browser is a program, not a layer) but the network-facing protocols that applications use to exchange meaningful data. This is where HTTP and HTTPS serve web pages, where DNS turns names into IP addresses, where SMTP moves email, and where protocols like FTP and SSH live.
When you load a website, the request you generate starts life at Layer 7 as an HTTP message, then travels down through every layer below it — getting a port and TCP segment at Layer 4, an IP packet at Layer 3, a frame and MAC address at Layer 2, and finally becoming electrical or radio signals at Layer 1 — before making the reverse journey up the stack on the server.
The 7 layers at a glance
| Layer | Name | Examples |
|---|---|---|
| 7 | Application | HTTP, HTTPS, DNS, SMTP, SSH, FTP |
| 6 | Presentation | Encoding (UTF-8), compression, encryption (TLS) |
| 5 | Session | Session setup and teardown, checkpointing, RPC |
| 4 | Transport | TCP, UDP, ports, segments |
| 3 | Network | IP addresses, packets, routers, routing |
| 2 | Data Link | Frames, MAC addresses, switches, Ethernet, Wi-Fi |
| 1 | Physical | Cables, fibre, radio waves, bits, connectors |
How the OSI model maps onto the real TCP/IP model
The internet does not actually run on seven layers — it runs on the TCP/IP model, which is what protocols were really designed against. TCP/IP has about four layers, and they map onto OSI roughly like this:
- Link (or Network Access) layer — combines OSI Layers 1 and 2 (Physical and Data Link). Ethernet and Wi-Fi live here.
- Internet layer — corresponds to OSI Layer 3 (Network). This is IP, and it is why an IP address is often called a “layer-3 address.”
- Transport layer — corresponds to OSI Layer 4. TCP and UDP, unchanged.
- Application layer — rolls OSI Layers 5, 6, and 7 into one. HTTP, DNS, TLS, and everything an application deals with sits here together.
This mapping is where you can see why the OSI model is a reference rather than a blueprint. Real protocols like TLS and DNS do not slot cleanly into a single OSI layer — TLS straddles the transport and presentation ideas, and DNS is an application-layer protocol that itself rides on UDP or TCP at Layer 4. The TCP/IP model's decision to merge the top three OSI layers reflects how the boundaries between session, presentation, and application are blurry in practice.
A mnemonic for the seven layers
Because the layer order comes up constantly, most people learn it with a mnemonic. From Layer 7 down to Layer 1 — Application, Presentation, Session, Transport, Network, Data Link, Physical — a common one is “All People Seem To Need Data Processing.” Reading the other way, from Layer 1 up to Layer 7 — Physical, Data Link, Network, Transport, Session, Presentation, Application — many use “Please Do Not Throw Sausage Pizza Away.” Either one anchors the order so you can reason about the stack without looking it up.
Why engineers still talk in layer numbers
The OSI model earns its keep as a diagnostic language. When a network breaks, the fastest way to describe the fault is to name the layer:
- “It's a layer-1 problem” — a physical fault: an unplugged cable, a dead port, out of Wi-Fi range. Check the wire before anything else.
- “It's a layer-2 problem” — something local: a switch issue, a MAC address conflict, a VLAN misconfiguration on the same network segment.
- “It's a layer-3 problem” — IP addressing or routing: the wrong subnet, a bad gateway, a route that does not reach the destination network.
- “It's a layer-7 problem” — the network is fine but the application protocol is misbehaving: a bad HTTP response, a DNS record pointing to the wrong place, a certificate error.
A load balancer that makes decisions based on IP addresses and ports is called a “layer-4 load balancer”; one that reads HTTP paths and headers is a “layer-7 load balancer.” The numbers are shorthand that instantly tells other engineers how deep in the stack a device or a bug operates. That is the real, lasting value of the OSI model — not as a construction plan, but as a shared map everyone can point at.
Frequently asked questions
What are the 7 layers of the OSI model in order?
From bottom to top: Layer 1 Physical, Layer 2 Data Link, Layer 3 Network, Layer 4 Transport, Layer 5 Session, Layer 6 Presentation, Layer 7 Application. Layer 1 moves raw bits over a medium; each layer above adds more abstraction until Layer 7, the application data that users actually interact with.
Is the OSI model still used?
Not as a blueprint for building software — real networks run on the leaner TCP/IP model. But the OSI model is very much alive as a shared vocabulary. Engineers say a fault is “a layer-1 problem” or “a layer-3 issue” to pinpoint where in the stack something broke, and certifications, textbooks, and product datasheets all use its layer numbers.
What layer does TLS or HTTPS sit at in the OSI model?
It does not fit cleanly. TLS provides encryption and is often described as sitting around Layer 6 (Presentation) because it transforms application data, but it runs on top of Layer 4 (TCP) and is negotiated by Layer 7 applications. This awkwardness is a good illustration of why the OSI model is a teaching reference, not a literal description of how modern stacks are built.
Related reading
- What is an IP address? — the Layer 3 address that routes your packets across the internet.
- What is a MAC address? — the Layer 2 hardware address that moves frames on your local link.
- TCP vs UDP — the two Layer 4 transport protocols and when each one is the right choice.
- How DNS works — the Layer 7 protocol that turns names into IP addresses.
- TLS and HTTPS — the encryption that awkwardly straddles the transport and presentation layers.
- The networking glossary — short definitions for every term in this guide.
