#OSI Model & TCP/IP
Understand the networking foundation that powers the internet and all DevOps infrastructure.
#Learning Objectives
After completing this section, you will be able to:
- Explain each layer of the OSI and TCP/IP models
- Identify which protocols operate at each layer
- Troubleshoot network issues by understanding layer interactions
- Map real-world network traffic to appropriate layers
#OSI Model (7 Layers)
The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes network communication into seven distinct layers.
| Layer | Name | Function | Protocols/Examples | DevOps Relevance |
|---|---|---|---|---|
| 7 | Application | User interface & network services | HTTP, HTTPS, SSH, DNS, FTP | API calls, web servers |
| 6 | Presentation | Data formatting, encryption | SSL/TLS, JPEG, ASCII | Certificate management |
| 5 | Session | Connection management | NetBIOS, RPC, SMB | Session handling |
| 4 | Transport | End-to-end delivery | TCP, UDP | Port management, load balancing |
| 3 | Network | Routing & addressing | IP, ICMP, ARP | VPC design, subnetting |
| 2 | Data Link | Local network delivery | Ethernet, MAC, PPP | NIC configuration |
| 1 | Physical | Hardware transmission | Cables, Fiber, Wireless | Data center infrastructure |
#Layer Deep Dive
#Layer 7 - Application Layer
```bash
# Examples of Layer 7 protocols in action
curl https://api.github.com/users/octocat   # HTTPS
ssh user@server.example.com                 # SSH
dig google.com                              # DNS
```
#Layer 4 - Transport Layer
```bash
# View TCP/UDP sockets (-l limits netstat to listening sockets)
netstat -tuln                            # Linux
Get-NetTCPConnection                     # Windows PowerShell

# Test TCP connectivity
nc -zv hostname 443                      # netcat
Test-NetConnection hostname -Port 443    # PowerShell
```
#Layer 3 - Network Layer
```bash
# View routing table
ip route show           # Linux
route print             # Windows

# Trace packet path
traceroute google.com   # Linux
tracert google.com      # Windows
```
#TCP/IP Model (4 Layers)
The TCP/IP model is the practical implementation used on the internet, mapping to the OSI model.
| TCP/IP Layer | OSI Equivalent | Key Protocols | Description |
|---|---|---|---|
| Application | Layers 5-7 | HTTP, DNS, SSH, SMTP, FTP | User-facing services |
| Transport | Layer 4 | TCP, UDP | Reliable/unreliable delivery |
| Internet | Layer 3 | IP, ICMP, ARP | Logical addressing & routing |
| Network Access | Layers 1-2 | Ethernet, Wi-Fi | Physical transmission |
#Protocol Stack Visualization
```
+---------------------------------------------------+
|                 Application Layer                 |
|  +--------+  +--------+  +--------+  +--------+   |
|  |  HTTP  |  |  DNS   |  |  SSH   |  |  SMTP  |   |
|  +---+----+  +---+----+  +---+----+  +---+----+   |
+------+-----------+-----------+-----------+--------+
|                  Transport Layer                  |
| +----------------------+ +----------------------+ |
| |         TCP          | |         UDP          | |
| | (Reliable, ordered)  | |(Fast, connectionless)| |
| +----------+-----------+ +----------+-----------+ |
+------------+------------------------+-------------+
|                  Internet Layer                   |
|  +---------------------------------------------+  |
|  |                     IP                      |  |
|  |           (Addressing & Routing)            |  |
|  +----------------------+----------------------+  |
+-------------------------+-------------------------+
|               Network Access Layer                |
|  +---------------------------------------------+  |
|  |              Ethernet / Wi-Fi               |  |
|  |           (Physical transmission)           |  |
|  +---------------------------------------------+  |
+---------------------------------------------------+
```
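The stack above can be read off a single captured frame by stripping one header per layer. The following is an added example, not code from the original page; the frame, MAC addresses, IP addresses and ports are constructed sample values, and `build_frame` and `decapsulate` are hypothetical helper names.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed sample: Ethernet II / IPv4 / TCP frame (checksums left 0)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18,
                      64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return eth + ip + tcp + payload

def decapsulate(frame: bytes) -> dict:
    """Strip one header per TCP/IP layer, bottom of the stack to the top."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    # Network Access layer: the Ethernet II header is a fixed 14 bytes.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    # Internet layer: IHL gives the IPv4 header length in 32-bit words.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("IP protocol is not TCP")
    # Transport layer: data offset gives the TCP header length (20-60 bytes).
    seg = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", seg[:4])
    data_off = (seg[12] >> 4) * 4
    # Application layer: whatever follows the TCP header.
    payload = seg[data_off:]
    return {
        "network_access": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")},
        "internet": {"src": ".".join(map(str, ip[12:16])),
                     "dst": ".".join(map(str, ip[16:20])), "ttl": ip[8]},
        "transport": {"sport": sport, "dport": dport, "flags": seg[13]},
        "application": payload.split(b"\r\n", 1)[0].decode("ascii", "replace"),
    }

if __name__ == "__main__":
    frame = build_frame(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
    for layer, fields in decapsulate(frame).items():
        print(f"{layer:15} {fields}")
```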
#TCP vs UDP
Understanding when to use TCP vs UDP is crucial for DevOps engineers.
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (3-way handshake) | Connectionless |
| Reliability | Guaranteed delivery with acknowledgments | No guarantee (best-effort) |
| Ordering | Packets delivered in order | No ordering guarantee |
| Speed | Slower (overhead for reliability) | Faster (minimal overhead) |
| Header Size | 20-60 bytes | 8 bytes |
| Flow Control | Yes (sliding window) | No |
| Error Checking | Checksum + retransmission | Checksum only |
#When to Use Each
Use TCP for:
- Web traffic (HTTP/HTTPS)
- SSH connections
- Database connections
- File transfers (FTP, SFTP)
- Email (SMTP, IMAP)
Use UDP for:
- DNS queries (small, quick)
- Streaming media
- Gaming
- VoIP
- Monitoring/logging (where occasional loss is acceptable)
#TCP Three-Way Handshake
```
Client                             Server
  |                                   |
  |-------- SYN (seq=x) ------------->|
  |                                   |
  |<--- SYN-ACK (seq=y, ack=x+1) -----|
  |                                   |
  |-------- ACK (ack=y+1) ----------->|
  |                                   |
  |      Connection Established       |
  |                                   |
```
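The sequence and acknowledgment arithmetic in the handshake can be checked against raw TCP headers. This is an added example, not code from the original page; the headers, ports and sequence numbers are constructed, and `tcp_header`, `parse` and `check_handshake` are hypothetical names. It also covers the case the diagram does not show: sequence numbers are 32-bit, so `x+1` wraps to 0 when `x` is `0xFFFFFFFF`.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def tcp_header(seq, ack, flags, sport, dport):
    """Constructed sample: minimal 20-byte TCP header (no options, checksum 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                       64240, 0, 0)

def parse(header):
    """Extract ports, seq/ack numbers and the SYN/ACK flag bits."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", header[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(flags & SYN), "ackf": bool(flags & ACK)}

def check_handshake(seg1, seg2, seg3):
    """Return a list of problems; an empty list means a valid handshake."""
    c1, s, c2 = parse(seg1), parse(seg2), parse(seg3)
    problems = []
    if not c1["syn"] or c1["ackf"]:
        problems.append("segment 1 is not a bare SYN")
    if (s["sport"], s["dport"]) != (c1["dport"], c1["sport"]):
        problems.append("segment 2 is not the reply direction of segment 1")
    if not (s["syn"] and s["ackf"]):
        problems.append("segment 2 is not SYN-ACK")
    elif s["ack"] != (c1["seq"] + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge x+1")
    if c2["syn"] or not c2["ackf"]:
        problems.append("segment 3 is not a bare ACK")
    elif c2["ack"] != (s["seq"] + 1) % MOD:
        problems.append("final ACK does not acknowledge y+1")
    return problems

if __name__ == "__main__":
    x, y = 0xFFFFFFFF, 4000  # x chosen to exercise wraparound
    good = [tcp_header(x, 0, SYN, 49152, 443),
            tcp_header(y, (x + 1) % MOD, SYN | ACK, 443, 49152),
            tcp_header((x + 1) % MOD, y + 1, ACK, 49152, 443)]
    print(check_handshake(*good))
```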
#Common Ports Reference
Every DevOps engineer should know these essential ports:
#Well-Known Ports (0-1023)
| Port | Service | Protocol | Description |
|---|---|---|---|
| 20/21 | FTP | TCP | File Transfer Protocol |
| 22 | SSH | TCP | Secure Shell |
| 23 | Telnet | TCP | Insecure remote access (avoid!) |
| 25 | SMTP | TCP | Email sending |
| 53 | DNS | TCP/UDP | Domain Name System |
| 67/68 | DHCP | UDP | Dynamic Host Configuration |
| 80 | HTTP | TCP | Web traffic (unencrypted) |
| 110 | POP3 | TCP | Email retrieval |
| 143 | IMAP | TCP | Email retrieval |
| 443 | HTTPS | TCP | Web traffic (encrypted) |
#Registered Ports (1024-49151)
| Port | Service | Protocol | Description |
|---|---|---|---|
| 3000 | Dev servers | TCP | Node.js, React default |
| 3306 | MySQL | TCP | MySQL database |
| 5432 | PostgreSQL | TCP | PostgreSQL database |
| 5672 | RabbitMQ | TCP | Message broker |
| 6379 | Redis | TCP | In-memory cache |
| 8080 | HTTP Alt | TCP | Alternative HTTP |
| 8443 | HTTPS Alt | TCP | Alternative HTTPS |
| 9090 | Prometheus | TCP | Metrics server |
| 9200 | Elasticsearch | TCP | Search engine |
| 27017 | MongoDB | TCP | Document database |
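Applying the two port tables above to a host, as an added example that is not part of the original page: it parses `ss -tuln` output (the command is covered under Practical Troubleshooting Commands) and reports services listening on every interface. The sample output is constructed, and the choice of which ports go in `REVIEW` is this example's assumption, not a rule from the page.

```python
# Port-to-service names come from the tables above.
SERVICES = {22: "SSH", 23: "Telnet", 53: "DNS", 80: "HTTP", 443: "HTTPS",
            3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis",
            9090: "Prometheus", 9200: "Elasticsearch", 27017: "MongoDB"}
# Assumption: Telnet and data stores should not listen on all interfaces.
REVIEW = {23, 3306, 5432, 6379, 9200, 27017}
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed sample of `ss -tuln` output.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:6379       0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
tcp   LISTEN 0      4096   *:9090             *:*
"""

def parse_listeners(text):
    """Turn `ss -tuln` rows into dicts of protocol, bind address and port."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        # rpartition keeps IPv6 literals such as [::] intact.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"proto": fields[0],
                     "addr": addr.split("%")[0],  # drop interface suffix (%lo)
                     "port": int(port)})
    return rows

def audit(text):
    """Return (port, service, bind address) for REVIEW ports bound to a wildcard."""
    findings = []
    for row in parse_listeners(text):
        if row["addr"] in WILDCARDS and row["port"] in REVIEW:
            findings.append((row["port"], SERVICES[row["port"]], row["addr"]))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr in audit(SAMPLE):
        print(f"{service} ({port}) is listening on {addr}")
```

MySQL on `127.0.0.1:3306` is not reported because it is bound to loopback only; the same port bound to `0.0.0.0` would be.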
#Practical Troubleshooting Commands
#Check If a Port Is Open
```bash
# Linux - using netcat
nc -zv hostname 443
# Output: Connection to hostname 443 port [tcp/https] succeeded!

# Linux - using telnet
telnet hostname 443

# Windows PowerShell
Test-NetConnection -ComputerName hostname -Port 443
```
#View Listening Ports
```bash
# Linux - all listening ports
ss -tuln
netstat -tuln

# Filter specific port
ss -tuln | grep :80

# Windows
netstat -an | findstr LISTENING
Get-NetTCPConnection -State Listen
```
#Packet Capture Basics
```bash
# Capture HTTP traffic
sudo tcpdump -i eth0 port 80

# Capture with more detail
sudo tcpdump -i any -nn -v port 443

# Save to file for Wireshark analysis
sudo tcpdump -i eth0 -w capture.pcap
```
#IP Addressing Essentials
#IPv4 Address Classes
| Class | Range | Default Subnet | Use Case |
|---|---|---|---|
| A | 1.0.0.0 - 126.255.255.255 | 255.0.0.0 (/8) | Large networks |
| B | 128.0.0.0 - 191.255.255.255 | 255.255.0.0 (/16) | Medium networks |
| C | 192.0.0.0 - 223.255.255.255 | 255.255.255.0 (/24) | Small networks |
#Private IP Ranges (RFC 1918)
```
10.0.0.0    - 10.255.255.255   (10.0.0.0/8)      - Class A private
172.16.0.0  - 172.31.255.255   (172.16.0.0/12)   - Class B private
192.168.0.0 - 192.168.255.255  (192.168.0.0/16)  - Class C private
```
#CIDR Notation Quick Reference
| CIDR | Subnet Mask | Usable Hosts |
|---|---|---|
| /32 | 255.255.255.255 | 1 |
| /30 | 255.255.255.252 | 2 |
| /28 | 255.255.255.240 | 14 |
| /24 | 255.255.255.0 | 254 |
| /16 | 255.255.0.0 | 65,534 |
| /8 | 255.0.0.0 | 16,777,214 |
#Key Takeaways
- OSI Model provides a conceptual framework; TCP/IP is the practical implementation
- TCP is reliable but slower; UDP is fast but unreliable
- Memorize common ports - they appear in every DevOps scenario
- Master troubleshooting commands: `netstat`, `ss`, `tcpdump`, `traceroute`
- Understanding networking layers helps isolate problems effectively
[!TIP] Mnemonic for OSI layers: "Please Do Not Throw Sausage Pizza Away" (Physical → Application)
[!NOTE] DevOps Application: When configuring firewalls, security groups, or load balancers, you're primarily working at Layers 3-4 (IP addresses and ports) and Layer 7 (application-level routing).