Summary: The Complete Journey
Your PC (192.168.1.10)
│
│ Create HTTP request
│ Encode UTF-8 → Compress → Encrypt (TLS)
▼
┌─────────────────────────────────────────┐
│ Ethernet: Dest=Router MAC │
│ IP: Dest=142.250.190.14 (Google) │
│ TCP: Dest Port=443 │
│ TLS: Encrypted HTTP data │
└─────────────────────────────────────────┘
│
▼
Your Router (NAT: private → public IP)
│
▼
ISP Routers (forward based on IP)
│
▼
Google Edge Router (forward to internal)
│
▼
Google Load Balancer (NAT: public → private server IP)
│
▼
Google Server (10.0.0.20)
│
│ Decrypt → Decompress → Decode
│ Process HTTP request
▼
Response travels back the same way
What is the OSI Model?
A theoretical 7-layer model that describes how data moves from an application to physical transmission. Created in 1984 to standardize network communication.
The 7 Layers
| Layer | Name | Unit | Purpose | Example |
|---|---|---|---|---|
| 7 | Application | Data | What to communicate | HTTP, SMTP, DNS |
| 6 | Presentation | Data | How to format data | TLS, UTF-8, gzip |
| 5 | Session | Data | Managing conversations | Connection state |
| 4 | Transport | Segment | Reliable delivery | TCP, UDP |
| 3 | Network | Packet | Routing across networks | IP |
| 2 | Data Link | Frame | Local delivery | Ethernet, Wi-Fi |
| 1 | Physical | Bits | Transmit raw signals | Cables, radio |
OSI vs TCP/IP (Reality)
The internet uses the TCP/IP model, not OSI. In practice, layers 5, 6 and 7 are merged into a single “Application” layer.
OSI Model (7 layers) TCP/IP Model (4 layers)
───────────────────── ─────────────────────
7. Application ─┐
6. Presentation ├────────► Application (HTTP + TLS + sessions)
5. Session ─┘
4. Transport ─────────► Transport (TCP, UDP)
3. Network ─────────► Internet (IP)
2. Data Link ─┐
1. Physical ─┴────────► Network Access (Ethernet, Wi-Fi)
TLS handles both session (handshake) and presentation (encryption) as one protocol, built into applications.
Encapsulation: How Data Gets Wrapped
Each layer adds its own header as data moves down the stack.
Layer 7 (Application) - HTTP
┌─────────────────────────────────────────────────────────────┐
│ GET /index.html HTTP/1.1 │
│ Host: example.com │
└─────────────────────────────────────────────────────────────┘
│
▼ wrapped by
Layer 4 (Transport) - TCP Segment
┌─────────────────────────────────────────────────────────────────────────┐
│ TCP Header (20 bytes) │ HTTP Data │
│ ┌─────────────────────────────────┐ │ │
│ │ Src Port: 52431 │ │ │
│ │ Dest Port: 80 │ │ │
│ │ Seq, Ack, Flags │ │ │
│ └─────────────────────────────────┘ │ │
└─────────────────────────────────────────────────────────────────────────┘
│
▼ wrapped by
Layer 3 (Network) - IP Packet
┌───────────────────────────────────────────────────────────────────────────────┐
│ IP Header (20 bytes) │ TCP Segment │
│ ┌─────────────────────────────────┐ │ │
│ │ Src IP: 192.168.1.100 │ │ │
│ │ Dest IP: 93.184.216.34 │ │ │
│ │ TTL: 64 │ │ │
│ └─────────────────────────────────┘ │ │
└───────────────────────────────────────────────────────────────────────────────┘
│
▼ wrapped by
Layer 2 (Data Link) - Ethernet Frame
┌─────────────────────────────────────────────────────────────────────────────────────┐
│ Ethernet Header (14 bytes) │ IP Packet │ CRC (4B) │
│ ┌─────────────────────────────────┐ │ │ │
│ │ Dest MAC: aa:bb:cc:dd:ee:ff │ │ │ │
│ │ Src MAC: 11:22:33:44:55:66 │ │ │ │
│ │ Type: 0x0800 (IPv4) │ │ │ │
│ └─────────────────────────────────┘ │ │ │
└─────────────────────────────────────────────────────────────────────────────────────┘
│
▼ converted to
Layer 1 (Physical) - Bits on Wire
┌─────────────────────────────────────────────────────────────────────────────────────┐
│ 01001010 11010010 00101101 10101010 01010101 ... │
│ Electrical signals (copper) / Light pulses (fiber) / Radio waves (Wi-Fi) │
└─────────────────────────────────────────────────────────────────────────────────────┘
Overhead
Extra bytes added by each layer for routing/reliability:
┌─────────────────────────────────────────────────────────────────┐
│ Ethernet │ IP Header │ TCP Header │ HTTP Request │ Ethernet │
│ Header │ │ │ (your data) │ Trailer │
│ 14 bytes │ 20 bytes │ 20 bytes │ ~100 bytes │ 4 bytes │
├──────────┴───────────┴────────────┴──────────────┴─────────────┤
│ Total: ~158 bytes │
│ Your actual data: ~100 bytes │
│ Overhead: ~58 bytes (37%) │
└─────────────────────────────────────────────────────────────────┘
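The encapsulation and overhead figures above, as an added Python example (not part of the original notes): it wraps the sample HTTP request in TCP, IP and Ethernet headers using the addresses from the diagrams, then peels the layers off again the way a capture tool does. Checksums are left at zero and the 4-byte CRC trailer is omitted (an assumption: the NIC normally adds and strips it), so the measured overhead is 54 bytes rather than 58.

```python
import socket
import struct

# Constructed sample request, same as the Layer 7 box above.
HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(payload=HTTP):
    """Wrap payload in TCP, then IP, then Ethernet (checksums left at 0)."""
    # src port, dst port, seq, ack, data offset (5 words), flags PSH+ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 52431, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    # version 4 + IHL 5, TOS, total length, id, frag, TTL 64, protocol 6 (TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton("192.168.1.100"),
                     socket.inet_aton("93.184.216.34"))
    eth = mac("aa:bb:cc:dd:ee:ff") + mac("11:22:33:44:55:66") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Peel the layers off again, taking header lengths from the headers themselves."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                  # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        raise ValueError("malformed TCP header")
    payload = tcp[data_off:]
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src": (socket.inet_ntoa(ip[12:16]), src_port),
        "dst": (socket.inet_ntoa(ip[16:20]), dst_port),
        "ttl": ip[8], "payload": payload,
        "overhead": len(frame) - len(payload),
    }
```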
Layer 2: Ethernet Frames Stay Local
Ethernet frames never leave your local network. They only travel within one LAN segment.
Key Distinction
- Layer 2 (Ethernet): Uses MAC addresses - identifies devices on same local network
- Layer 3 (IP): Uses IP addresses - identifies devices across networks (routing between LANs)
What Changes at Each Router Hop
Hop 1 Hop 2 Hop 3
(Your LAN) (Internet) (Dest LAN)
Layer 2 (MAC): AA → RR RR → SS SS → GG ← CHANGES each hop
Layer 3 (IP): You → Google You → Google You → Google ← STAYS SAME end-to-end
Your frame with your MAC address never reaches Google. Each router:
- Strips the old Ethernet frame
- Reads the IP destination
- Creates a new Ethernet frame for the next hop
Layer 3: Routing Across Networks
How Routers Forward Packets
Your PC Internet Google
192.168.1.10 routers
(private)
│
│ NAT at your router
▼
203.0.113.50 ─────────────────────────────► 142.250.190.14
(your public IP) (Google's public IP)
│
│ NAT at Google
▼
10.0.0.20
(private server)
Private IP Ranges (RFC 1918)
These IPs can’t be routed on the internet:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Internet routers drop packets destined to these IPs - they’re not unique globally.
NAT: How Your Router Finds Your Device
Your home router uses a NAT table to track outgoing connections.
Outgoing Request
Your PC Router Internet
192.168.1.10:52431 203.0.113.50
│ │
│ Src: 192.168.1.10:52431 │
│ Dest: 142.250.190.14:80 │
└──────────────────────────►│
│
Router does NAT: │ Src: 203.0.113.50:12345
Changes source IP/port │ Dest: 142.250.190.14:80
└──────────────────────────────────►
Router saves in NAT table:
┌─────────────────────────┬──────────────────────┬─────────────────────┐
│ Internal IP:Port │ External IP:Port │ Destination │
├─────────────────────────┼──────────────────────┼─────────────────────┤
│ 192.168.1.10:52431 │ 203.0.113.50:12345 │ 142.250.190.14:80 │
└─────────────────────────┴──────────────────────┴─────────────────────┘
Incoming Response
Internet Router Your PC
│ │ │
│ Src: 142.250.190.14:80 │ │
│ Dest: 203.0.113.50:12345 │ │
└──────────────────────────►│ │
│ │
Router checks NAT table:│ │
"Port 12345 = 192.168.1.10:52431" │
│ Dest: 192.168.1.10:52431 │
└──────────────────────────────►│
The external PORT is the key to finding your device.
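The NAT table above as an added Python sketch (not part of the original notes): outgoing packets create a mapping, incoming packets are looked up by external port, and anything without a mapping is dropped. The class name `Nat`, the sequential port allocation and the check that the sender matches the Destination column are assumptions for illustration; real routers differ in how strictly they filter.

```python
import itertools

class Nat:
    """Port-translating NAT table like the one in the diagram above."""

    def __init__(self, public_ip, first_port=12345):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self.by_flow = {}   # (internal ip:port, destination) -> external port
        self.by_port = {}   # external port -> (internal ip:port, destination)

    def outbound(self, src, dst):
        """Rewrite the source of an outgoing packet and remember the mapping."""
        port = self.by_flow.get((src, dst))
        if port is None:
            port = next(self._next_port)
            if port > 65535:
                raise RuntimeError("no free external ports")
            self.by_flow[(src, dst)] = port
            self.by_port[port] = (src, dst)
        return (self.public_ip, port), dst

    def inbound(self, src, dst):
        """Rewrite the destination of an incoming packet, or return None to drop."""
        if dst[0] != self.public_ip or dst[1] not in self.by_port:
            return None                 # no mapping: nobody inside asked for this
        internal, remote = self.by_port[dst[1]]
        if src != remote:               # assumption: sender must match Destination column
            return None
        return src, internal

if __name__ == "__main__":
    nat = Nat("203.0.113.50")
    pc, google = ("192.168.1.10", 52431), ("142.250.190.14", 80)
    print(nat.outbound(pc, google))                      # source becomes 203.0.113.50:12345
    print(nat.inbound(google, ("203.0.113.50", 12345)))  # delivered to 192.168.1.10:52431
    print(nat.inbound(google, ("203.0.113.50", 40000)))  # None: unsolicited, dropped
```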
Google’s Network: Router vs Load Balancer
Different Devices, Different Jobs
| Device | Primary Job | Changes IP? |
|---|---|---|
| Edge Router | Forward packets between networks | No |
| Load Balancer | Distribute traffic across servers | Yes (NAT) |
| Internal Router | Route within data center | No |
Traffic Flow at Google
Internet
│
▼
┌─────────────────┐
│ Edge Router │ "Packet for 142.250.190.14 goes to our network"
│ │ Just forwards based on IP routing table
└────────┬────────┘
│
▼
┌─────────────────┐
│ Load Balancer │ "Pick one of 1000 servers to handle this"
│ │ NAT: 142.250.190.14 → 10.0.0.20
└────────┬────────┘
│
▼
┌─────────────────┐
│ Internal │ "Server 10.0.0.20 is in rack 5, building 3"
│ Router/Switch │ Routes within data center
└────────┬────────┘
│
▼
Server 10.0.0.20
Layer 4 vs Layer 7 Load Balancer
Layer 4 (NLB): Sees IP + Port only. Fast, simple.
Layer 7 (ALB): Sees HTTP content. Can route by URL path, headers, cookies.
Example Layer 7 routing:
/api/* → API servers
/images/* → CDN servers
/app/* → App servers
Presentation Layer: Encoding → Compression → Encryption
Order of Operations
1. Encode (UTF-8) → 2. Compress (gzip) → 3. Encrypt (TLS)
Why This Order?
Text ("Hello")
│
│ Must have bytes before compression
▼
Bytes (48 65 6C 6C 6F) ← Encoding creates bytes
│
│ Compress while patterns visible
▼
Compressed bytes (1F 8B ...) ← Smaller
│
│ Encrypt last (encrypted data can't compress)
▼
Encrypted bytes (A3 7F ...) ← Secure
Encrypted data looks random - no patterns to compress. So compress first, then encrypt.
What Gets Compressed
HTTP Response:
┌──────────────────────────────────────────────────────────────┐
│ Headers: HTTP/1.1 200 OK │ NOT compressed │
│ Content-Encoding: gzip │ (need to read first) │
├────────────────────────────────────┼─────────────────────────┤
│ Body: <html>...</html> │ Compressed (gzip) │
└──────────────────────────────────────────────────────────────┘
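The encode, compress, encrypt order measured on a sample body, as an added Python example (not part of the original notes). `toy_cipher` is a SHA-256 keystream XOR used only as a stand-in for TLS encryption so the example runs with the standard library; the body text and key are constructed.

```python
import hashlib
import zlib

def toy_cipher(key, data):
    """XOR with a SHA-256 keystream. Stand-in for TLS encryption, NOT for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(text, key):
    """Sender side: 1. encode (UTF-8), 2. compress (zlib), 3. encrypt."""
    return toy_cipher(key, zlib.compress(text.encode("utf-8")))

def receive(wire, key):
    """Receiver side, reverse order: decrypt, decompress, decode."""
    return zlib.decompress(toy_cipher(key, wire)).decode("utf-8")

def compare_orders(text, key):
    """Bytes on the wire for the right order and for the wrong one."""
    raw = text.encode("utf-8")
    return {
        "raw": len(raw),
        "compress_then_encrypt": len(toy_cipher(key, zlib.compress(raw))),
        # Ciphertext looks random, so zlib finds nothing to remove.
        "encrypt_then_compress": len(zlib.compress(toy_cipher(key, raw))),
    }

# Constructed sample input: a repetitive HTML body with non-ASCII text.
BODY = "<html>" + "<p>Hello, 日本語</p>" * 200 + "</html>"
KEY = b"demo-key"

if __name__ == "__main__":
    print(compare_orders(BODY, KEY))
    print(receive(send(BODY, KEY), KEY) == BODY)
```

The ciphertext is exactly as long as the compressed body, so encryption hides the content but not its size. TLS 1.3 has no compression of its own; the gzip step is done by HTTP (`Content-Encoding`), as in the box above.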
From Layer 4 Down: Everything is Just Bytes
Lower layers don’t know what the data means.
Layer 7 (Application): "Hello, 日本語" ← Meaningful text
Layer 6 (Presentation): UTF-8 encode + TLS encrypt
─────────────────────────────────
Layer 4 (Transport): 48 65 6C 6C 6F ... ← Just bytes
Layer 3 (Network): 48 65 6C 6C 6F ... ← Just bytes
Layer 2 (Data Link): 48 65 6C 6C 6F ... ← Just bytes
Layer 1 (Physical): 01001000 01100101 ... ← Just bits
TCP/IP/Ethernet don’t care if payload is text, image, video, or encrypted data. They just move bytes from A to B.
TTL and Hop Count
TTL (Time To Live) is set by the sender and decremented by 1 at each router that forwards the packet. Hop counting starts at your home router.
Your PC Router 1 Router 2 Server
(not a hop) (Hop 1) (Hop 2)
Your home ISP
│ │ │ │
│ TTL=64 │ │ │
├────────────────────►│ │ │
│ │ TTL=63 │ │
│ ├─────────────────►│ │
│ │ │ TTL=62 │
│ │ ├─────────────────►│
Your PC is the source, not a hop. Hops are routers that forward packets.
traceroute: See the Path
traceroute google.com
Example Output
1 192.168.1.254 5.565 ms 4.935 ms 2.699 ms ← Your home router
2 51.171.0.1 31.834 ms 29.647 ms 32.340 ms ← ISP router
3 86.43.13.61 31.819 ms 30.950 ms 38.142 ms ← ISP backbone
6 * * * ← Silent (firewall blocks)
10 172.253.51.60 35.313 ms ← Google network
209.85.143.78 35.563 ms ← Different path (load balancing)
209.85.244.222 39.853 ms ← Different path
21 209.85.202.113 35.192 ms ← Destination
How It Works
Probe 1: TTL=1 → Dies at Hop 1 → Hop 1 replies → Measure time
Probe 2: TTL=2 → Dies at Hop 2 → Hop 2 replies → Measure time
Probe 3: TTL=3 → Dies at Hop 3 → Hop 3 replies → Measure time
...
3 probes per hop to show:
- Consistency (similar times = stable)
- Packet loss (* = no reply)
- Load balancing (different IPs = multiple paths)
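The probing loop described above, as an added Python simulation (not part of the original notes, and not how the real tool sends packets: that needs raw sockets). The path, its addresses and the silent third router are constructed sample data; one probe per hop is sent instead of three to keep it short.

```python
# Constructed path: (router IP, does it answer with ICMP Time Exceeded?)
PATH = [
    ("192.168.1.254", True),    # home router
    ("203.0.113.1", True),      # ISP router
    ("198.51.100.1", False),    # silent router: forwards packets, never replies
    ("192.0.2.1", True),        # destination network edge
]
DEST = "142.250.190.14"

def send_probe(ttl, path=PATH, dest=DEST):
    """Follow one probe along the path. Return the IP that answers, or None."""
    for ip, replies in path:
        ttl -= 1                # every router decrements TTL before forwarding
        if ttl == 0:            # expired here: the packet is dropped
            return ip if replies else None
    return dest                 # survived every router: the destination answers

def traceroute(max_hops=30, path=PATH, dest=DEST):
    """Raise the starting TTL by one per probe until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(ttl, path, dest)
        hops.append((ttl, answer or "*"))
        if answer == dest:
            break
    return hops

if __name__ == "__main__":
    for hop, who in traceroute():
        print(hop, who)
```

Hop 3 shows `*` yet hops 4 and 5 still answer: a silent router is not a broken path.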
Reading the Output
| Pattern | Meaning |
|---|---|
| `* * *` | Router doesn’t respond (but packet passed through) |
| Multiple IPs per hop | Load balancing - different paths |
| ms times | Round-trip from YOUR laptop to that hop and back |
Notes
- OSI is theoretical; TCP/IP is what the internet actually uses
- Layer numbers (L4, L7) are still useful shorthand in practice
- MAC addresses change at each hop; IP addresses stay end-to-end
- NAT happens at your router (outgoing) and load balancer (incoming)
- Compression before encryption (encrypted data doesn’t compress)
- traceroute times are round-trip from your machine, not cumulative