F5 101 Application Delivery Fundamentals-Study Notes-OSI Layer

F5 101

Explain, compare, and contrast the OSI layers


 7 – Application

  • Interacts with the user (FTP/HTTP/SMB/SSH/etc.)

6 – Presentation

  • Converts information into data structures that are understandable by/useful to the system (XML/TLV/JSON)

5 – Session

  • Allows two endpoints to exchange data for a period of time.
  • NetBIOS, TCP/IP Sockets, RPCs
  • Not necessarily the length of a TCP connection

4 – Transport

  • Facilitates communication between multiple applications on different computers.
  • Multiplexes and de-multiplexes multiple applications onto one network.
  • Establishes, manages, and terminates connections.
  • TCP/UDP ports.

3 – Network

  • Routing and addressing.
  • Internet Protocol (IPv4, IPv6)/OSPF/ICMP/ARP.
  • Addresses packet for the final network destination.
  • Uses IP addresses.

2 – Data-link

  • Encapsulates upper layers into frames.
  • Addresses frame for the destination device on the same network.
  • Uses MAC addresses.
  • 11/Ethernet/ATM/Frame Relay.

1 – Physical

  • Converts bits to and from whatever transmission language is used by the physical hardware.
  • Hubs/Repeaters/Fiber/UTP/Connectors.

 Explain Protocols and Technologies Specific to the Data Link Layer

 Switch Forwarding Database

  • Learns MAC addresses of devices on the local broadcast domain, and which port they were learned on.
  • Helps the switch decide where to send each frame.


  • Helps a device discover the Layer 2 address of a corresponding Layer 3 address, in order to address its frame.
  • “Glues” together the IP and Ethernet protocols.

 MAC/Ethernet addresses

  • All networking devices have a physical burned in address (BIA) which they use for communications on the local network.
  • 6 bytes (48-bits) long
  • First 3 bytes identify the vendor that created the device (or NIC), also known as the OUI (Organisationally Unique Identifier)
  • Last 3 bytes uniquely identify the device
  • g. 78:31:c1:c8:22:8b

 Broadcast domain

  • A segment of the network where a device can transmit directly to another device without having to go through a router.
  • 1 VLAN = 1 Broadcast domain.
  • Broadcast frames cannot leave the broadcast domain.


  • A virtual broadcast domain created inside of a switch.
  • Before VLANs, everything connected to a switch would be in the same broadcast domain.
  • Now, a switch can create many virtual broadcast domains (VLANs) and allocate different ports to different broadcast domains.
  • Devices on different VLANs can communicate through a router or a Layer 3 switch.
  • A trunk port can carry multiple VLANs.

 Link Aggregation

  • F5 BIG-IP calls port-channels, or link aggregation “trunks”. – A trunk is an etherchannel, or link aggregation. – A VLAN trunk is a regular trunk (multiple VLANs traversing one link).
  • Link aggregation allows you to “bond” or “bundle” multiple physical interfaces into one logical interface.
  • Traffic is load balanced over the links using a hash of the source and destination L2 addresses.
  • Link Aggregation Control Protocol (LACP, 802.3ad) detects errors on a link agg, and allows the two devices to negotiate parameters for the connection.


Explain protocols and apply technologies specific to the network layer



  • Basically, subnetting and how IPv4 addresses are structured and work.
  • How do routing decisions get made? – Longest match wins. – ip.dst= – Routes:,,, – would be the route that gets matched, because it has the longest prefix/mask. Thanks for the comment slav, that was a silly, and confusing typo!

Routing Protocols

  • Distance Vector routing protocols (RIP/BGP).
  • Link State routing protocols (OSPF/ISIS).


  • If a packet needs to traverse a network with an MTU which is smaller than its size, it must be fragmented so that it fits.
  • Typical MTU on an Ethernet network is 1500 bytes.
  • A new IP header is put onto each fragment, indicating its size and fragment number.


  • Counts down from a value with each L3 hop a packet takes.
  • Stops traffic from getting into an endless routing loop.
  • When TTL reaches 0, the traffic is dropped.
  • Maximum TTL is 255, because it is an 8-bit field in the IP header.

Show source/dest IP/MAC at each hop

  • Make sure you know how the L2 and L3 src/dst addresses change at each point in the network.
  • When leaving a router, the L2 src address will be the router’s interface address, and the L2 dst will be the address of the next router, or the destination host.
  • The L3 src/dst addresses never change unless NAT is involved.


Explain the features and functionality of protocols and technologies specific to the transport layer



  • MTU is maximum size frame that can be sent at L2/L1.
  • MSS (maximum segment size) is a parameter determined by two L4 hosts when they establish a connection.
  • Neither host will send a TCP segment larger than the MSS.
  • MSS is supposed to be used to limit the amount of fragmenting that is required, as fragmenting uses additional resources.
  • Decrease the MSS to decrease the likelihood of fragmentation.


  • TCP does error checking with checksums added to the TCP header.
  • Each packet goes in order, and is accounted for by using acknowledgements.
  • If a packet isn’t acknowledged, it must be resent.
  • Three-way handshake: SYN,SYN-ACK,ACK.


  • Lower overhead than TCP.
  • No acknowledgements.


  • Allow multiple applications to run using one L3 address
  • FTP and HTTP can run on the same IP address, using different ports (21 and 80)

 TCP Reset (RST)

  • Allows a participant in a TCP session to abort the connection.
  • Typically used by a client when no acknowledgements are being received, and the connection appears unusable.

 Delayed Binding

  • The F5 BIG-IP will delay binding, which means it waits until the TCP session with the client is complete (3way handshake done) before it will connect to the server, and bind the client’s session to the server.
  • Protects the server from SYN flood attacks.


Explain the features and functionality of protocols and technologies specific to the application layer


  • TCP 80
  • HTTP 1.0 defined GET/POST/HEAD.
  • 1xx – Informational.
  • 2xx – Success.
  • 3xx – Redirect.
  • 4xx – Client error.
  • 5xx – Server error.
  • HEAD – Just returns response headers, no body.
  • POST – Data is sent to the server with the request (submit forms, etc.).
  • HTTP keep-alive used to re-use an existing HTTP connection instead of creating a new one.


  • UDP 53.
  • Resolves names into IP addresses.
  • Hierarchical distributed naming system.

 SIP (Session Initiation Protocol)

  • UDP/TCP 5060 + 5061.
  • Voice connection over the network.
  • Allows video conferencing, presence, IM and voice.
  • Enables unified communications.


  • Used to transfer files between hosts.
  • Uses separate control and data connections.
  • Can use authentication, but is in clear-text.
  • Also allows you to connect anonymously.

Active vs Passive FTP

  • Control port is generally TCP 21.
  • In Active mode, data port is TCP 20.
  • Active mode, the client specifies a port it is listening on for the server to connect the data channel on (server initiates data channel to client).
  • Passive mode, the server tells the client a random high (>1023) port to connect to for the data channel.
  • Passive mode is easier on the client’s firewall, as no inbound connections need to be allowed.

 SMTP (Simple Mail Transfer Protocol)

  • Mail delivery protocol.
  • TCP 25.
  • HELO (say hi).
  • EHLO (say hi, and use extended mode).
  • MAIL FROM: (sender).
  • RCPT TO: (recipient).
  • DATA (body).



  • State information stored by the web server on the user’s disk, to be later retrieved by the server.
  • Name-Value pairs.
  • Allows servers to remember you, or information about you/your session, regardless of your IP address.

 The Name Resolution Process


  • User tries connecting to xorcat.net.
  • User’s system looks in host file.
  • User’s system looks in local DNS cache.
  • User’s system queries its local DNS server (LDNS) for xorcat.net.
  • LDNS looks in its cache.
  • LDNS queries root .net server for server that is authoritative for xorcat.net.
  • LDNS queries xorcat.net authoritative server for A record of xorcat.net.
  • LDNS caches the response, sends it to the user, who also caches the response, and connects to the IP address.


  • URL – Uniform Resource Locator
  • A type of a Uniform Resource Identifier (URI)
  • URL includes the protocol used to access the resource, URIs do not necessarily
  • protocol://[user:[email protected]]host:port/path/to/resource?query#fragment

Find out how much you have understood about the OSI layer


Serves as the window for users and application processes to access the network services



Formats the data to be presented to the Application layer. It can be viewed as the Translator” for the network”



Allows session establishment between processes running on different stations



Ensures that messages are delivered error–free, in sequence, and with no losses or duplications



Controls the operations of the subnet, deciding which physical path the data takes



Provides error–free transfer of data frames from one node to another over the Physical layer

-Data Link


Concerned with the transmission and reception of the unstructured raw bit stream over the physical medium



What layer is this application/example:

End User Layer – Program that opens what was sent or creates what is to be sent



What layer is this application/example: Syntax Layer: Encrypt and decrypt


What layer is this application/example: Synch and send to ports: (logical ports)



What layer is this application/example: TCP: Host to host, Flow Control



What layer is this application/example: Packets : letter , contains IP address



What layer is this application/example: Frames – envelopes, contains MAC address

-Data Link


What layer is this application/example: Physical structure – Cables, hubs, etc



What are the 7 layers of OSI in order (from first to last)

-Physical, Data Link, Network, Transport, Session, Presentation, Application.


Example protocols of Application Layer-HTTP, FTP, IRC, SSH, DNS

Example protocols of Presentation Layer-SSL, FTP, IMAH, SSH

Example protocols of Session Layer-Various API’s, Sockets

Example protocols of Transport layer-TCP, UDP, ECN, SCTP, DCCP

Example protocols of Network Layer-IP, IPSec, ICMP, IGMP

Example protocols of Data Link Layer-Ethernet, SLIP, PPP, FDDI

Example protocols of Physical Layer-Coax, Fiber, Wireless


What layers can be considered as the application layer in the TCP/IP model?

-Application, Presentation, Session


What layers can be considered as the transport layer in the TCP/IP model?



What layers can be considered as the Internet layer in the TCP/IP model?



Source:User submitted post