Skip to main content

The Layered Model: Physical, Link, Network, Transport, Application

What This Concept Is

Networking does not run as one giant program. It is organized as a stack of layers where each layer:

  • trusts the layer below to deliver its payload
  • offers a more useful abstraction to the layer above
  • is replaceable without rewriting the others

The five-layer Internet model is:

  1. Physical -- bits on a wire, fiber, or radio: voltages, symbols, modulation.
  2. Link -- frames between directly connected nodes on one medium: Ethernet, Wi-Fi, PPP. Addresses are MAC.
  3. Network -- end-to-end packets across many links: IP. Addresses are IP addresses.
  4. Transport -- conversations between processes on two hosts: TCP, UDP, QUIC. Addresses are ports.
  5. Application -- the thing users actually care about: HTTP, DNS, SSH, SMTP, etc.

Each layer has its own unit of data, its own identifier, and its own protocols.

Why It Matters Here

Almost every networking question in engineering reduces to "which layer is this problem at?"

  • DNS failed: application layer.
  • No route to host: network layer.
  • SYN ignored: transport (or firewall).
  • Link is down: link/physical.

If you skip the layering, debugging turns into guesswork and protocol design becomes undisciplined. Every concept after this one in the module sits at a specific layer.

Concrete Example

Type curl https://example.com/ in a terminal. Roughly this happens:

  1. Application: curl decides to speak HTTP over TLS. It still needs an IP to connect to.
  2. Application (DNS): a UDP DNS query resolves example.com to 93.184.215.14 (an IP).
  3. Transport (TCP): curl asks the kernel to open a TCP connection to 93.184.215.14:443.
  4. Network (IP): the kernel puts TCP segments into IP packets addressed to 93.184.215.14.
  5. Link (Ethernet/Wi-Fi): each IP packet goes into a frame addressed (MAC) to the next-hop router.
  6. Physical: the frame becomes electrical, optical, or radio signals.

At the destination, the process runs in reverse: physical bits -> link frames -> IP packets -> TCP stream -> HTTP bytes.

Common Confusion / Misconception

"OSI has seven layers, so the Internet has seven layers." Not really. The OSI model has seven but the real Internet, and every practical implementation, uses roughly five. Presentation and session are folded into the application layer in practice. Learn the five-layer version and treat OSI as historical vocabulary.

Another trap: layers are not strictly sealed. TCP's behavior is affected by IP fragmentation; TLS session resumption depends on the same TCP connection being reused. The abstraction is a guideline, not a contract.

How To Use It

For any networking question, ask:

  1. What is the unit of data at this layer?
  2. What identifier does this layer use?
  3. What does the layer above expect?
  4. What does the layer below guarantee (and not guarantee)?

If you cannot answer those four at every layer involved, you do not yet have the mental model.

Check Yourself

  1. At which layer does a MAC address matter, and why does it not survive across a router?
  2. Why does the application layer never see IP packets directly?
  3. If the physical layer flips one bit, at which layer is the corruption most likely detected?

Mini Drill or Application

For each scenario, name the layer that dominates:

  1. "Cable unplugged."
  2. "DNS returned the wrong IP."
  3. "Connection refused on port 443."
  4. "Certificate expired."
  5. "MTU mismatch causing fragmentation."

Then, for one of them, walk the stack up and down and describe what the adjacent layers do even though they are not the dominant one.

Read This Only If Stuck