Volume Number: 16 (2000)
Issue Number: 4
Column Tag: Network Management

Networks 201

by John C. Welch

The technical introduction to networks

Hopefully, the title has made you think a little bit. Usually, introductory articles such as this one use the number '101', to indicate a beginner's course. Well, both various articles in MacTech, and other publications both in and out of the Macintosh networking space have covered that area quite adequately, so this is the next level. This is going to be a technical introduction to networks, and, while pointed at all of MacTech's readers, has two particular groups in mind. The first is the Mac network admin, whom, after years of elegant, (relatively), easy plug and play AppleTalk networking, suddenly finds themselves dealing with TCP/IP1, SMB2, and all the wonderful new acronyms that are keeping you at work late at night. The second target is the developer who is trying to make sure that their product is network enabled, or at least not network hostile, but only has a very high-level idea of networks and networking.

The purpose of this article is to take you from the 30,000 ft view of the 'Networking 101' articles, where you know the basics, and have a general view of what's going on, and drop you down to about 300 feet. At this level, you can make out most of the details of what is going on, and how it's happening. We aren't going to get into the actual API3 for programming networkable applications on the Mac, as that would be the 3 inch view, and fodder for another time. Also, for this article, we will concentrate on creating a way to classify networks and network services, and look at what those classifications mean. In following articles, we'll apply this classification to things like Ethernet, TCP/IP, FTP4, etc.

To start with, we need to have a model to describe networks as a thing. Mostly because a good model is like a table of contents, but also because most of us relate better to a thing than an amorphous concept. While there are as many ways to create a network model, the one most frequently used is the OSI5 model. This model breaks the network into seven parts, or layers. Each of these layers has a specific purpose, and a specific functionality. The purpose of each layer is to receive information from the layer above or below it, and perform its function on that information, then pass it onto the next layer. The only two layers that don't do this are the very top and bottom layers. The bottom layer, or physical layer, has only the layer above it, and the physical network connection below it. The top layer, or application layer, has only the layer below it, and the user above it. Each of the middle layers is in essence, performing two tasks: a) adding information to, or removing information from a piece of a message, or an entire message, and b) communicating with the matching layer on the other end of the transmission. So now that we know that we are going to be using the OSI model, and that the OSI model has seven layers, let's take a brief look at some of the details within this model, since it is so critical to our ability to model networks.

Again, this is the model used to describe essentially every network in use. Regardless of how exactly a given network type, such as AppleTalk or TCP/IP actually fits into the OSI model , they still manage to coerce their actual structure it into one that is compliant with the way the OSI model displays a network's architecture. The OSI model was designed approximately 20 years ago in an attempt to overcome the completely proprietary network design of the time. At this time all networks were worlds unto themselves with no way to connect to other networks and the vendors of these networks highly discouraged any sort of interconnection. Needless to say the OSI reference model was considered highly radical for the time. Even more radical was the fact that the OSI was not just a reference model but was intended to be a physical network type along with Novell, IBM, and AppleTalk. However the actual OSI network was balky, unwieldy, and almost impossible use with the equipment of that time. Also by the time that anyone started seriously considering moving to an actual OSI network TCP/IP had come upon the scene and had become the defacto standard that it is today. But, the OSI had created the model that is the basis for visualizing networks and network functions.

As I mentioned before, the OSI model has seven layers. In the creation of these layers five essential principles who were used to decide what would make up a layer and its related functions.

• A layer should be created where a different level of abstraction is needed. That is to say, that if you need to create a new representation of what this layer is doing, a new layer should be created to fit this representation. In other words, each player should only a one representation of its function.
• Each layer should perform a well defined function. This principle dictates that there should be a one-to-one match between the function of each layer and the layer itself. Although ideally this would mean any single layer only had a single function, as we study the lower layers and particularly the data link layer, we shall find that in fact this is impossible to maintain.
• The function of each layer should be chosen with an eye toward defining internationally standardized protocols. In other words, don't create a function that can only be performed by a privately owned, proprietary, networking protocol.
• The layer boundary should be chosen to minimize the information flow across the interfaces. You don't want to set up layers that require huge amounts of data of more information flow across their interfaces. Besides violating principle two, this will also slow down the speed of your network, and make it harder for third-party providers to create products that use your network.
• The number of layers should be large enough that distinct functions need not be thrown together in the same layer out of necessity, and small enough that the architecture does not become unwieldy. Finally, you want to make sure that you have enough layers, so that each function can have its own layer or as close as possible to that. But you also don't want to have so many layers that it's impossible to actually use your network in a real-world situation.

Now that we have looked at a bit of the OSI model's history, and guiding principles, let's move on to the layers themselves.

Layer One: Physical

The physical layer is concerned with essentially two things: bits and signals. This is the layer that controls the actual transmission of ones and zeros or actually the electrical signals that make up a one or a zero across the network cabling or transmission media be it wireless, copper cable, or optical fiber. This is the layer that ensures that when the sender transmits a signal that is a one, that the receiver receives that signal as a one. This is also layer that decides exactly how many volts equal a binary one or a binary zero, (for example, if we use TTL6 logic levels, then a +5 volt signal is used to represent a binary one, and a 0 volt signal is used to represent a binary zero. ) this letter also establishes how long a signal needs to be in duration to be considered a valid one or zero whether or not communications can proceed in both directions simultaneously, (duplex), or only one direction at a time (simplex). So this is the layer that decides how many wire pairs you need for a given type of network, the required quality of the wire, how many twists per inch for twisted pair cable, or the mode type for fiber.

This layer receives frames of data from Layer 2, the Data Link Layer, and sends them out onto the transmission media as a serial stream of ones and zeros. It also receives ones and zeros from the transmission media, and sends them up to Layer 2 so they can be assembled into frames.

Note: the physical layer is the functional representation only. It only deals with the processes and mechanisms that place signals on to, and receive signals from the transmission media. It does not include the physical transmission media, itself. In other words the physical layer ends at the network port on the network interface, be that Ethernet, ATM, or wireless. While the particular physical layer device or media may create specifications for a particular type of transmission media, the actual type of media itself is outside of the physical layer functionality. Informally, the physical transmission media tends to be called Layer zero.

The Physical Layer is where we become concerned with things like baud, (which is the number of physical changes in a signal per second.), and bps, or bits per second, (which is the number of physical bits being forced down the line)7. Most of the equations that determine line capacity are in the realm of the Physical layer. Although there are quite a few, we will look at only the most important, which decreases the number quite a bit. The first of these is Nyquist's theorem, which was developed in the mid-1920s. This theorem deals with maximum data rate on a clean line. This theorem also proves that if a signal is run through a low - pass8 filter set to a bandwidth of H, then the signal can be reconstructed by making 2H samples per second. The fact that a the filter is a low-pass filter limits the maximum effective sampling rate to 2H, as anything higher has already been filtered out. So, if the signal contains V discrete levels, then the theorem is expressed as :

Maximum data rate = 2Hlog2Vbits/sec

So by applying this theorem, a perfectly noiseless channel, with a bandwidth of 3KHz, can transmit a binary signal at a maximum data rate of 6Kbps. Now obviously, the only place a perfectly noiseless channel exists is on paper, so Nyquist's theorem is only useful for finding the theoretical maximum capability of a physical medium. To measure the amount of noise on a channel compared to the amount of signal on the same channel, we use the idea of the signal-to-noise ratio. By using S to represent signal, and N to represent noise, we have our common equation of S/N. This ratio is usually not expressed in a raw format. Rather, the quantity 10log10S/N is used. This gives you the S/N in decibel units, or dB, so a ratio of 10 is 10dB, 100 is 100dB, and so on. Usually the dB is implied. To establish what the maximum bandwidth of a signal is for a line with a given S/N, Claude Shannon carried on with Nyquist's work, and in 1948, came up with the theorem that calculates this bandwidth. This theorem express the maximum bandwidth for a noisy channel with H Hz bandwidth, and a signal-to-noise ratio of S/N as:

Maximum bps = Hlog2(1+S/N)

So, for a 3KHz channel, with a S/N of 30dB, (typical for an analog telephone line), the best data rate can be no higher than 30Kbps, regardless of signal levels, or sampling rate.

These two theorems give us the ability to figure out capacity for almost any line type that uses electrical signals, the obvious exception being fiber optic communications, which are subject to different levels. For fiber networks, the limiting factor besides distance and signal power, is attenuation. As the laser pulse travels down the fiber, it is attenuated by imperfections in the glass, dust particles etc. To establish the inherent attenuation in a given piece of fiber, so that the physical layout of the network can be established, the following equation is used:

Attenuation in dB = 10log10(transmitted power/received power)

So, if the difference between transmitted power and received power is 2, then the line attenuation is 3dB.

Although technically outside of the physical layer, since these equations directly affect what the physical layer is transmitting over, it is important to understand them. By knowing these aspects of the physical part of a network, and the OSI physical layer, we can determine the best ways to build this level of a network, and how to use it. They also allow us to understand some of the reasons why 10Mbps Ethernet only has a real world throughput of 6-8 Mbps.

Layer Two: Data Link.

This layer communicates with Layers 1 and 3. It has a more complex function than Layer 1, as it is dealing with more complex functions. At the most basic level, the receives data and routing information from Layer 3, the Network Layer, and assembles them into frames which are passed onto the Physical Layer. It also receives serial bitstreams from the Physical Layer, and assembles these into frames, which are then passed onto Layer 3.

The actual functions of the layer are a bit more complex. First of all, the Data Link Layer is responsible for ensuring successful delivery of the frame to the destination. This is done via having the recipient send back an acknowledgement frame for each data frame it receives. When receiving a frame, the Data Link Layer also examines the frame content to ensure the contents of the frame arrived in the correct order and content. This is accomplished via special bit patterns at the beginning of each frame. This is also where error checking, such as CRC9 checks are used. If the network supports duplex communications, then the acknowledgement frames are used to 'piggyback' the data frames from the other end of the communication.

The Data Link Layer also deals with issues such as damaged, lost, and duplicate frames. It may do this by giving the Network Layer multiple classes of service, each with different quality guarantees. If the network has end nodes capable of transmitting data at many different rates, the Data Link Layer has to be able to act as a traffic cop, and ensure that slower end nodes do not get overrun by the faster nodes. If the network is a broadcast network, (all stations receive all messages) then the Data Link Layer has to control access to the media. For these networks, such as Ethernet, and wireless networks ala the AirPort, the Data Link Layer has a special sublayer, called the medium access layer is used, (although it is an important aspect of networking, medium access is literally the difference between most common network types, will only be covered in the most general sense in this article, as the amount of information that pertains to this is best dealt with on its own.)

Of the types of services the Data Link Layer can provide, there are three common types:

• Unacknowledged connectionless service.
• Acknowledged connectionless service.
• Acknowledged connection-oriented service.

The first type, unacknowledged connectionless service, is when the source transmits all of its data to a destination without acknowledgement of any of the frames. No connection is established between the source and the recipient, and there is no verification of data reception. This type of service is most often used where time is a critical factor, such as live speech or video. In this type of service, missing a frame or two is not as bad as having a live transmission halted or dropped for error recovery procedures.

The second service type, acknowledged connectionless service, is used where data integrity is critical, but a connection cannot be reliably established. Even without a connection, the data is acknowledged on a frame-by-frame basis, so that reliability is maintained. This type of service is seen on wireless systems.

The final type is where both connection reliability and data integrity are of the utmost importance. In this service, a connection is established between two nodes. Each frame sent is numbered, and the Data Link Layer provides a guarantee that all frames are received once, and in correct order. Once the data transfer is complete, the connection is explicitly torn down, and resources freed for the next connection. This type of service is frequently seen on leased-line, wide area networks.

Earlier I mentioned that the Data Link Layer receives and transmits frames to and from the Network Layer. This is done because the interface with the Network Layer assumes that frames are being sent. It is up to the Data Link Layer to create and break down the frames when interfacing with the Physical Layer. One of the more difficult parts about frames is their delineation. In other words, how does the Data Link Layer know the beginning and end of a frame? One of the most obvious ways would be a time gap between frames. However, time is not a guarantee on a small network, and if the Internet is involved, then making a time guarantee is almost impossible, as any of us who are waiting on critical emails can attest to.

There are four basic ways to delineate frame boundaries:

1. Character count.
2. Starting and ending characters, with character stuffing.
3. Starting and ending flags, with bit stuffing.
4. Physical Layer coding violations.

The first method is the simplest. Set a number n of characters to be the count of a frame. Every n characters, end the frame, and begin counting for the next one. The problem with this is if an over or undersized frame is sent. The synchronization of the frames is garbled, and the layer can't find the next frame. Even if error checking shows the frame is bad, the start of the next frame is still lost. Without resetting the entire network, there is no way to recover from this. As a result, character count is rarely used anymore.

The second method deals with frame boundaries by creating character sets that represent these boundaries. Usually DLE10 STX11 is used for the frame beginning, and DLE ETX12 is used for the end of frame boundary. Although this makes it easier to recover from a bad frame error, a problem can still occur if the data in the frame happens to have a DLE STX or DLE ETX pair. To avoid this, the Data Link Layer on the sending side inserts, or stuffs a DLE character before each DLE in the data, and the receiving side removes the extra character. When this method is used, the Data Link Layer knows that a double DLE means that this is not a frame boundary. The disadvantage to this method is that for this to work, the data must be represented as 8-bit ASCII13 code. When almost all of the data sent over a network was text, this was a fairly reliable assumption, at least in this hemisphere. However, if you are using a double-byte character set, such as Chinese, or dealing with the more sophisticated data types, such as multimedia data, this assumption quickly breaks down.

The third method was invented to get around the character - based limitations. This sets a special bit pattern, 01111110 as the frame boundary, and is used for both the beginning and end of the frame. To avoid this pattern being duplicated in the frame itself, whenever five consecutive ones are found, a zero is inserted in the bit stream, hence the term 'bit stuffing'. Whenever the receiving end sees five consecutive incoming ones followed by a zero, it automatically deletes, or unstuffs, the first zero after the one. So the bit stream would look something like this:

Original:	0111111010101110011111000111111111100111001111110
Stuffed:	011111010101011100111110000111110111110001110011111010
Unstuffed:	0111111010101110011111000111111111100111001111110

Note that this method correctly deals with a longer stream of ones as well as a naturally occurring string of five ones followed by a zero. As the data is received and the zeros removed, the frame boundaries reassert themselves along with the data, so even if the frame data is bad, the end of the frame can be quickly determined, and the frame discarded.

The final method uses the way the Physical Layer encodes bits within a signal. Since normally, a one is represented by a high-low pair, and a zero by a low-high pair, the high-high and low-low pairs can be used for frame boundaries. This method is used by the 802 LAN standard, which covers things such as Ethernet and Token Ring.

The next job of the Data Link Layer is to ensure that all frames are delivered, and in the correct order. The first part of this is to use acknowledgement frames. For every frame sent, the receiver sends back a positive acknowledgement for a good frame, and a negative acknowledgement for a bad frame. One acknowledgement is required for each data frame. To avoid infinite waits for frames that are lost, a timer is set when a data frame is sent, and reset with every acknowledgement frame. If the timer runs out, then the frame is resent. To avoid multiple retransmissions of frames, sequence numbers are used to distinguish between original and resent frames. Ultimately, the real responsibility for timers and sequence numbers belongs to the Network Layer, and will be dealt with in more detail when we get to that layer.

To assemble a frame, the transmitting end asks for data from the Network Layer. This is sent to it as a packet. The Data Link Layer neither knows, nor cares what is in the packet. It takes the packet, adds a data link header and trailer to it, and sends it off to the receiving Data Link Layer, via the Physical Layer, which adds a checksum, and shoves the data out along the media. On the receiving end, once the Physical Layer has received the layer, and checked it via the checksum, it passes the data to the receiving Data Link Layer, or an error message if the checksum failed. If the checksum passed, the Data Link Layer checks the control information in the frame header. If that checks out, the frame header and trailer is stripped out, and the data, or packet in this case is sent to the Network Layer. By never sending frame information to the Network Layer, the protocols that are used at these layers can be kept separate. This simplifies programming for a Network Layer, and also allows different protocols to be used if needed.

The frame itself is composed of four parts, three of which contain control information, and one which contains the packet from the Network Layer if it is a data frame, or nothing if it is a control frame. The first part is the kind. This indicates if the frame is a data frame, in which case, it will have packet data, or a control frame, and has no packet data. The second field is the seq field, which is used to carry sequence numbers. These determine where in the data flow this frame should be. The third field is the ack field, and is used to contain positive or negative acknowledgements of data received. These first three fields are contained in the frame header. The fourth field is only used in data frames. The info field only contains the data from a packet passed on by the Network Layer. If the frame is a control frame, this field is either not present, or has a length of zero.

Another responsibility of the Data Link Layer is flow control. This is an important responsibility, as without it, a network could be killed by a few nodes endlessly retransmitting lost frames that will never get anywhere. In addition, flow control also helps deal with speed differences between nodes.

The final job of the Data Link Layer is error correction and error detection. I will not go into a great deal of detail on the actual techniques, as that could easily take an article in itself, but I will mention that most error correcting is done via Hamming codes, which will actually fix errors in a byte or bust set of bytes. As well, error detection is performed via CRC checks, which, if 16 - bit CRC is used, can detect 100% of all errors of the following types: single, double, errors with odd numbers of bits, and all burst errors of 16 bits or less. It can also detect 99.997% of all 17 bit burst errors, and 99.998% of all burst errors of 18 and greater bits.

Layer Three: Network

This layer is responsible for all routing used on a network. Indeed, routers are layer three devices. Since this layer has no way to detect or correct errors, it relies on the Data Link Layer to perform this duty. This keeps with the idea of specific functions for specific layers. This is also the layer that deals with routable protocols such as IPX, IP, and AppleTalk. This layer is not required, and is only needed if a routing function is called for. The Network Layer also handles congestion in subnets, and accounting of packets that travel through a device at this layer. Finally the Network Layer is responsible for translating addresses between different types of networks. Note that in a pure broadcast network, such as a home Ethernet setup, there is almost no need for this layer, and it is therefore unused or very thin.

The Network Layer is also the lowest level layer in the OSI model that communicates in an end-to-end fashion. In other words, the Network Layer is not sending packets to the Data Link Layer to be passed to the Physical Layer, and then to the remote machine. Instead, it is directly communicating with the Network Layer on the remote machine. The other layers happen to be the way to do this, and are in essence, invisible to the Network Layer. All the layers above the Network Layer communicate in this same fashion. This is one of the hardest concepts of the OSI model to wrap one's head around, but it is one of the most important.

Since the Network Layer is the routing layer, this bears some looking at. Again, in the name of space, we will keep this fairly shallow, as, literally, entire books are written about routing. Basically, you have two types of issues to deal with when routing: Connection - oriented networks, (such as TCP14 and ATM15), and connectionless networks, (such as UDP16). For a connection-oriented network, the routing can be fairly simple. A virtual circuit is set up by the end nodes, and any routers in between the nodes. This virtual circuit is given an ID number that is propagated to all devices on the virtual circuit. Each packet sent out by the Network Layer has this virtual circuit as part of its control fields. As the packet travels along the virtual circuit, this ID is used to make sure that it travels the correct route to it's destination. This makes addressing the packets simple, but means the routers have a lot more work to do, as they must maintain many hundreds of virtual circuits, and the tables required to maintain them. Also, building up and tearing down the circuits adds overhead to the routers and network in general. (If you consider that one of the main route points on the Internet, such as MAE West may have many millions of connections in a day, you can see where even a small amount of overhead can quickly add up. It's rather like the quote about the Federal Budget: "A billion here, a billion there, pretty soon you are talking about real money.")

The other option is to use connectionless, or datagram routing. In this method, there are no virtual circuits. Instead, each individual packet, or datagram contains the full source and destination address. For larger networks, this address can be over a dozen bytes in length. As each packet arrives at a router, the router analyzes these addresses, and sends the datagram out in accordance to the routing algorithm it is using for that type of datagram. In this type of routing, there are no circuits to establish or tear down. Also, the routers only have to know which is the next hop in the datagram's path. However, datagram routing can also create congestion problems, as usually there end up being multiple copies of a datagram sent out. Indeed, one of the simpler methods of datagram routing involves sending a copy of the datagram out on every wire but the one it came in on. For high - traffic sites, this could be a real problem. As a result, some of the more interesting routing algorithms deal with datagram routing.

Besides the router, another one of the more common devices that operate in the network layer is a firewall. This operates by dealing with the type of connection, (virtual circuit/connection oriented or datagram/connectionless), the source and destination of the packet, and the type of information it carries. Layer 3 firewalls are more concerned with the first two connections. As an example, you would set up a firewall that allowed all outgoing TCP connections on port 21, which is the port used for FTP, so that the users inside of the firewall could easily transfer files as needed. But you would then disallow any incoming TCP connections on port 21, so that no one outside the firewall could create a connection to a machine inside the firewall, thereby creating a possible security hole. Firewalls that operate at higher layers actually look at the information in each packet, and make allow/disallow decisions based on this. Using this method, you could regulate traffic by making a keyword list for email, and either block messages with a keyword, or be notified that one had been sent. Although this can be more flexible than port blocking, it also creates more overhead. As a result, most firewalls allow combinations of layer 3 and layer 7 services.

Layer 4: Transport

This is considered one of the most critical layers of the OSI model, and is at the heart of most protocol services. The Transport Layer is responsible for end-to-end integrity of communications. Although this seems to duplicate some of the functionality of the Data Link Layer, the Transport Layer is the layer responsible for providing this functionality beyond the local network segment. It can detect that a packet has been discarded by a router, and request its retransmission. The Transport Layer is also the layer responsible for detecting out of sequence packets, and resequencing them before passing them up to the Session Layer. The Transport Layer is also the layer that insulates the upper layers from changes in lower layer situations, such as networking interfaces. (For PowerBook users, this is what allows you to send email via PPP or Ethernet without having to tell your email program that you are now using a different connection type, and helps make things like Location Manager work.) The Transport Layer is also what handles things like multiple connections, allowing the simultaneous use of email, web browsers, ftp, etc. Finally the Transport Layer deals with connection setup and teardown, and flow control.

Within the Transport Layer, the software and hardware that do the actual work are called the transport entity. This entity can be in the OS kernel, a user process, a shared library, or even the network interface. Basically, it can be anywhere that has the required access to network services. The Transport Layer has two types of service, connectionless and connection-oriented, just like the Network Layer. The connection-oriented service deals with the same issues as the Network Layer's, i.e. connection establishment, teardown, flow control, addressing etc. However, the Transport Layer provides levels of these services beyond what the Network Layer can. One of these enhancements is its ability to compensate for an unreliable Network Layer connection. For example, if a connection is suddenly terminated, the Transport Layer can set up a new connection, determine what the last packet successfully sent was, and resume from there, somewhat like resuming an aborted FTP transfer.

This capability allows for the transport services to be more reliable than the underlying network services. The Transport Layer also allows for a computer to smoothly move between different types of network services, such as moving an iBook from an Ethernet connection to an AirPort connection. For developers, it means that they don't have to write a separate set of network code for every type of possible connection. All they have to do is write code for a general type of network, such as AppleTalk, or TCP/IP, and the Transport Layer can take care of how that network connection is made. Due to this feature, the bottom four layers in the OSI model are viewed as the transport service provider, and the top four layers are viewed as the transport user service.

Another feature the Transport Layer provides is Quality Of Service, (QOS). QOS allows different network services, such as video, email, and backups, to receive better, or worse amounts of network resources depending on QOS levels. For example, the live video feed of an iCEO might get the highest priority QOS levels, giving it maximum bandwidth and lowest latency, whereas a competitor's video feed would get far lower QOS levels. This allows networks, particularly ATM networks, to use bandwidth more efficiently, and allows service providers to have a cost model built on QOS.

Layer 5: Session

The Session Layer, although a part of the OSI model, tends to get bundled in with other layers, usually the Transport Layer. It's primary function is to manage communications flow during a connection, or session. The Session Layer determines if the flow is mono or bi-directional, and ensures that a current request is complete before the next one is accepted. In the case of mono-directional traffic, the Session Layer keeps track of whose turn it is to send data. In some cases, a protocol may not allow certain actions to occur simultaneously. To avoid this, the Session Layer handles token management, where only the side with the token can initiate an action. Finally, the Session Layer provides a way to insert checkpoints into a data stream, so that if a crash occurs, only the data transferred after the last good checkpoint has to be resent, ala resumable FTP again.

Layer 6: Presentation

This layer deals mainly with data encoding and format translation. Examples of this would be translating between ASCII and EBCDIC17 encoding, different floating-point formats, or endian issues between PCs and Macs. Another service that occurs at this level are things like encryption and decryption, as they deal with data encoding too. In essence, whereas the layer below the Presentation are concerned with getting bits from point a to point b, the Presentation Layer is concerned with the syntax and semantics of the data. The Presentation Layer allows different data formats to be abstracted into a structure more compatible with network transmission for sending, and to be pulled correctly from those structures upon reception.

Layer 7: Application

This is the final layer in the OSI model, and the one we are most used to dealing with. The 'application' in Application Layer is not the actual user application, such as Transmit, Netscape, or OutLook Express. Rather it is the application of the network for those applications, such as e-mail, FTP, HTTP18, etc. For example, to get new mail, an e-mail application would create an Application Layer request for IMAP19 or POP20 services. This request is then processed through all the lower layers to the network, and up through the layers at the server.

Most of the user protocols live at this layer, so for example, a telnet application, such as Better Telnet does all of its work, such as initiating new sessions, determining how to display information on the user's window, etc. Other issues such as how to properly convert a FTP file stream into a proper HFS+21 file are handled at this level.

I don't mean to gloss over the importance of what goes on at this level, but to go into specific detail would turn the column into a primer on FTP, telnet, IMAP, etc., and those are best served by later columns.

So we now understand what the OSI model is, and what its layers represent, and examples of the duties and services those layers provide. Now that we have a model, we can begin applying it to networking and administration. The next column will technically be outside of the OSI model, as it will deal with wire topologies, and different connection issues, but we'll lump it in with the OSI model, and call it Layer 0.

I hope you'll hang on to this column, as I will be using a lot of the terms and ideas started here as we continue our detailed examination of networks. If you want to read up on your own, the sources I list in my bibliography are a good start, although some of them can get into amazing levels of very technical detail that would only concern you if you are designing things such as routers and interface cards.

Tannenbaum, Andrew S. Computer Networks. Third Edition Prentice Hall, 1996.

Sportack, Mark. Networking Essentials Unleashed. SAMS Publishing, 1998.

John Welch (jwelch@aer.com) is the Mac and PC Administrator for AER Inc., a weather and atmospheric science company in Cambridge, Mass. He has over fifteen years of experience at making computers work. His specialties are figuring out ways to make the Mac do what nobody thinks it can, and showing that the Mac is the superior administrative platform.