The Department of Defense Four Layer Model is used to discuss the architecture of TCP/IP. The four layers (from top to bottom) are the Application Layer, the Transport Layer, the Internet Layer and the Link Layer. The DoD Four Layer model was used during the creation of TCP/IP, but was not formalized until well afterwards (in RFC 1122, “Requirements for Internet Hosts — Communications Layers”, October 1989). This model is not suitable for discussing all protocol suites (for example, OSI doesn’t really fit into it), but is ideal for discussing TCP/IP, which is the dominant protocol suite in use today.
There is another model, from the early days of networking, called the OSI Seven Layer Model. It was originally created to describe the protocols in the X.200 protocol suite, also known as the OSI, or Open System Interconnect protocol suite. The OSI protocol suite included such standards as X.400 E-mail and X.500 Network Directory. The OSI protocol suite is of mainly historic interest today, although many books and companies still use the OSI terminology to discuss network architecture. The seven OSI layers, from top to bottom are
The OSI Application, Presentation and Session layers correspond to the DoD Application Layer. The OSI Transport layer corresponds roughly to the DoD Transport Layer. The OSI Network layer corresponds to the DoD Internet Layer, and the OSI Data Link and Physical layers correspond to the DoD Link Layer. Often OSI layers are referred to only by their numbers, for example, “layer 3”.
The articles on this website will describe network protocols in terms of the DoD Four Layer Model, with a few notable exceptions (e.g. “layer 3 switches”).
The Application Layer is where applications such as Web and E-mail clients, as well as Web and E-mail servers live. These applications are not part of the operating system, but are installed on top of it, and run in User Space. In comparison, the lower layers are typically provided as part of the operating system, and may run in Kernel Space. These applications make system calls to make or receive network connections, as well as send and receive data, using mechanisms in the lower layers of TCP/IP (primarily the Transport Layer).
There are many protocols in the Application Layer, including most of the ones people are familiar with and use on a daily basis, such as HTTP, HTTPS, FTP, SMTP, IMAP, DHCP, DNS, LDAP, NTP, RTP, SIP, SSH, etc. Addresses at this layer are IP addresses (see below), but typically people use alphanumeric domain names (e.g. www.sixscape.com) that are mapped onto IP addresses by DNS by network applications. IP packets include IP addresses, not domain names. Every node that is accessible from anywhere on the Internet must have a globally unique (public) IP address (IPv4 and/or IPv6).
The Transport Layer is where TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) live. Applications typically use mechanisms at this layer to implement network functionality (it is rare for applications to use lower layers directly). There is a widely used API (Application Program Interface) available in most operating systems that implements the “Socket Abstraction Layer”, a model for how an application can make use of a network. There are several different kinds of sockets. With TCP there are listening, receiving and sending sockets. For UDP, there are receiving and sending sockets. Both UDP and TCP add the concept of network ports. UDP is a thin mapping onto the Internet Layer packets that is efficient, but has no concept of streams or error recovery. TCP is a very complex, thick mapping onto the Internet Layer packets that implements a connection oriented data path, good for data streams, complete with error detection and retransmission. Addresses at this layer are IP addresses (see below).
The Internet Layer is where IP and a helper protocol called ICMP live. In IP version 4, there are IPv4 and ICMPv4. In IP version 6 there are IPv6, ICMPv6, Neighbor Discovery and Multicast Listener Discovery protocols. Actually these last two are really part of ICMPv6. The Internet Protocol article covers the technical details on all of these protocols, both versions 4 and 6, to help network professionals that already know IPv4 to make the leap to IPv6. IPv6 is heavily based on IPv4, but has numerous enhancements and extensions that fix most of the problems encountered with IPv4. If you already know IPv4, learning IPv6 is like going from Windows XP to Windows 7, not like going from Windows XP to MAC OS-X or Linux. IPv6 is the same basic design as IPv4, but cleaned up and improved – not a radically different design. The node addresses used at the Internet Layer are known as IP addresses. In IPv4, these are 32 bit binary numbers that are mapped to Link Layer addresses by ARP (the Address Resolution Protocol). In IPv6, these are 128 bit binary numbers that are mapped onto Link Layer addresses by Neighbor Discovery Address Resolution (part of ICMPv6).
The Link Layer is the bottom layer of the TCP/IP stack, below the Internet Layer. It contains protocols such as ARP, PPP, Ethernet, DSL, FDDI, etc. The Internet Layer actually reads packets from the network and writes packets to the network using mechanisms in the Link Layer. Link Layer addresses are specific to the protocol used. For Ethernet/Wifi, the addresses are called MAC addresses, and are typically 48 bit binary values, burned into the hardware device (e.g. NIC). The Link Layer mechanisms exchange data only within a link (or “subnet”), which is a set of nodes connected to each other without intervening routers. To send a packet to a node in another subnet requires packet forwarding, which is done at the Internet Layer, using IP addresses.