Layer 7

<< Back to Technical Glossary

OSI Layer 7 Definition

Layer 7 refers to the outermost seventh layer of the Open Systems Interconnect (OSI) Model. This highest layer, also known as the application layer, supports end-user applications and processes.

This layer is closest to the end user and is wholly application-specific. Layer 7 identifies the parties as they communicate, assesses service quality between them, and deals with issues such as constraints on data syntax, user authentication, and privacy.

Image depicts a Layer 7 OSI Model with the details for all layers starting from Layer 1.


Layer 7 FAQs

What is Layer 7?

Layer 7 or the application layer of the OSI reference model deals directly with applications. Within this narrow scope, layer 7 is responsible for displaying data and images to the user in a format humans can recognize. This in turn enables users to interface with the presentation layer below the application level. Layer 7 then helps implement a communication component by interacting with software applications.

Layer 7 functions include identifying communication partners, determining availability and quality of resources, and finally synchronizing communication. Layer 7 identifies available communicators and then determines whether the selected communication method and sufficient resources exist to determine communication partners. Then, layer 7 establishes and synchronizes communication through the cooperating communication partners.

What is the OSI Model?

The Open Systems Interconnection (OSI) model was created by the International Organization for Standardization as a conceptual model to enable communication via standard protocols between diverse communication systems. In other words, the OSI reference model serves as a common communication standard for different computer systems, much like a common language or monetary system for humans.

In some sense, the 7 layer OSI model is a computer networking universal language. The model itself is based on a notion of seven abstract layers of a communication system, each stacked upon the last. Each OSI reference model layer communicates with the layers above and below it, and handles specific tasks.

[In fact, some DDoS attacks target specific network connection layers. For example, protocol layer attacks target layers 3 and 4, and application layer attacks target layer 7. We will discuss more on these kinds of DDoS attacks and layer 4 vs layer 7 DDoS methods in the section below.]

What are the seven layers of the OSI model?

Layer 7: The Application Layer

Closest to the end user, layer 7 is the only layer that interacts directly with user data. Email clients, web browsers, and other software applications all rely on layer 7 to initiate communications. However, client software applications do not reside at, and are not part of, the application layer.

Instead, the application layer establishes connections with applications at the other end to present meaningful data to the user after facilitating communication through lower layers. Layer 7 is responsible for the data manipulation and protocols that software needs to present data so it is meaningful to humans. For example, layer 7 protocols include HTTP which enables internet communication and SMTP which enables email communications.

Layer 6: The Presentation Layer

The presentation layer represents the translation or preparation to and from application and network formats. Layer 6 prepares and presents data for use and consumption by the network or applications. The presentation layer is responsible for data encryption, translation, and compression.

Various devices may be communicating using different methods for encoding, so layer 6 translates incoming data into a comprehensible syntax for the receiving device’s application layer. The presentation layer also adds sender side layer 7 encryption and decodes encryption upon receipt to present usable data at the application layer.

Finally, layer 6 also compresses and delivers data it receives from layer 7 to the session layer. This minimizes the amount of data transferred, improving the efficiency and speed of communication.

Layer 5: The Session Layer

The session layer opens and closes sessions, or communication times between devices. The session layer strikes a balance between saving resources by closing sessions promptly, and ensuring all exchanged data is properly transferred by maintaining the open session for a sufficient amount of time.

The session layer creates a session any time two computers, devices, or servers need to communicate. Functions at this layer involve session setup, coordination, and termination. The session layer also protects data transfers from crashes and other problems by synchronizing transfers with checkpoints. This allows the session to be resumed from the point of the most recent checkpoint in the case of a crash or disconnect.

Layer 4: The Transport Layer

Layer 4 handles data transfer and end-to-end communication between devices, end systems, and hosts. This includes segmenting data from the session layer before sending it to layer 3, and reassembling the segmented data on the receiving end into consumable data for the session layer.

In addition, the transport layer handles error control and flow control. On the receiving end, the transport layer performs error control by ensuring the data is complete and if it isn’t, requesting a retransmission. To ensure that receivers with slower connections are not overwhelmed by senders with faster connections, flow control determines an optimal data transmission speed and ideal targets and quantities for sending.

The Transmission Control Protocol (TCP), built atop the Internet Protocol (IP), is the best known example of the transport layer. This is typically called TCP/IP. Layer 4 is home to TCP and UDP port numbers, while the network layer or layer 3 is where IP addresses work.

Layer 3: The Network Layer

The network layer supports router functionality by facilitating data transfer between networks. Layer 3 breaks transport layer segments on the sender’s device into smaller units, called packets. It then forwards the packets and identifies the optimal physical path for them to the destination through routers, and reassembles them at the receiving device. The network layer enables routers to find the best way among millions of options for different servers or devices to connect efficiently.

Layer 2: The Data Link Layer

The data link layer facilitates node-to-node data transfer between devices on the same network. Layer 2 also breaks data packets, in this case from the network layer, into smaller pieces. At the data link layer these pieces are called frames. Layer 2 also manages error control and flow control in intra-network communication.

Layer 1: The Physical Layer

This layer is the physical and electrical manifestation of the system and it includes the equipment involved in the data transfer, such as the switches, radio frequency link, and cable types, and physical requirements from voltages to pin layouts. Data is converted into a bitstream at this layer, and so communicating devices can distinguish 1s from 0s on both devices, the physical layers of devices must agree on a signal convention.

If the modern internet more closely follows the simpler and less theoretical 4 layer TCP/IP model, why is OSI 7 layer technology still important to understand? The structure of the OSI theoretical model still frames troubleshooting context for network problems and discussions of protocols. The layered structure of the model helps isolate problems, identify their causes, and break them down into more manageable tasks while avoiding unnecessary work in irrelevant layers.

Data flows through the OSI 7 layer network model in a specific way to render data readable and usable by humans and devices. Here is an example:

  • A writes an email to B. A uses an email application to compose the message on a laptop and sends it.
  • The application sends the message to the application layer.
  • Layer 7 selects a protocol (SMTP) and passes the data to layer 6.
  • The presentation layer compresses the data and passes it to layer 5.
  • The session layer initializes the communication session and sends A’s data to layer 4.
  • The transport layer segments the data in the message and passes them to layer 3.
  • The network layer breaks the segments into packets and sends them to layer 2.
  • The data link layer breaks the packets down even further into frames and delivers them layer 1.
  • The physical layer converts the email data into a bitstream of 1s and 0s and transmits it through a cable or other physical medium.
  • B’s computer receives the bitstream physically through a wifi or other physical medium, and the email data begins to flow back through the same series of layers in the opposite order on B’s device.

What is a Layer 7 DDoS Attack?

Application layer attacks, also called layer 7 DDoS attacks, refer to malicious cyberattacks that target requests such as HTTP POST and HTTP GET from the outermost or top OSI model layer. In contrast to DNS amplification attacks and other network layer attacks, these DoS layer 7 attack methods are particularly effective due to their consumption of network and server resources.

Most layer 7 DDoS methods are based on the relative disparity between the amount of resources it requires to successfully launch compared to the resources required for layer 7 DDoS mitigation. It simply demands less total bandwidth to create the same amount of damage and disruption with a layer 7 attack.

For example, responding to user requests to login to sites, query databases, or even just produce a webpage, all demand disproportionately greater amounts of resources from the server. Multiple targeted requests directed at the same online property can overwhelm a server, causing a denial-of-service or even taking the service offline.

It is difficult to prevent application layer DDoS attacks because it is particularly tricky to distinguish between normal traffic and attack traffic, especially in the case of a layer 7 problem. A botnet launching an HTTP flood attack can make each network request to the victim’s server seem as though it is not spoofed.

To respond to and prevent layer 7 application attacks, it is important to deploy an adaptive traffic limiting strategy based on particular rules which can fluctuate regularly and layer 7 monitoring tools. A properly configured layer 7 firewall or web application firewall (WAF) can greatly diminish the impact of a layer 7 DoS attempt by mitigating how much bogus traffic is passed on to the server. A challenge to devices such as a CAPTCHA test can also help mitigate application layer attacks. Other layer 7 protection strategies for HTTP floods include network analysis by engineers and using an IP reputation database to filter and manage traffic.

OSI Model vs 4 Layer TCP/IP Model

The TCP/IP model of the internet does not focus as much on layering and strict hierarchical encapsulation in terms of the design of protocols compared to the OSI 7 layer protocol model. Rather than seven layers, TCP/IP derives four broad layers of functionality from their contained protocols’ respective operating scopes. These are:

  • The application layer derived from the software application scope;
  • The transport layer derived from the path of the host-to-host transport;
  • The internet layer derived from the internetworking range; and
  • The network interface layer derived from the scope of other nodes directly linked on the local network.

Although the layering concept is distinct between the models, these TCP/IP layers are frequently compared with the OSI layering scheme as follows:

  • The OSI application layer, presentation layer, and most of the session layer (layers 5, 6, and 7) map to the internet application layer.
  • The OSI session and transport layers (layers 4 and 5) map to the TCP/IP transport layer.
  • A subset of the OSI network layer (layer 3) maps to the internet layer’s functions.
  • The OSI data link and network layers (layers 2 and 1) map to the link layer and may include similar protocols and functions.

In terms of layer 7 or application layer implementations, these vary depending on the stack. On the OSI stack X.400 Mail, Common Management Information Protocol (CMIP), and File Transfer and Access Management Protocol (FTAM) are all layer 7 implementations. On the transmission control protocol/internet protocol TCP/IP stack application layer implementations include: File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and Simple Network Management Protocol (SNMP).

Layer 4 vs Layer 7 Load Balancing

There are load balancing options at various layers in the OSI networking model. Here are two layer 4 and layer 7 load balancing examples to illustrate the differences between layer 4 vs layer 7 load balancing.

Layer 4 concerns message delivery, not message content, and operates at the intermediate transport layer. Layer 4 load balancers simply inspect the first few packets in the TCP stream, and make limited routing decisions based on their inspections, forwarding network packets to and from the upstream server without really getting into packet content.

Layer 7 load balancing deals with the actual content of each message and operates at the high level application layer. More sophisticated than Layer 4 load balancers, Layer 7 load balancers terminate network traffic and review its content to make load balancing decisions. They reuse an existing TCP connection or create a new one to write the request to the server.

Many application delivery controllers and load balancers blend simpler, traditional layer 4 load balancing with layer 7 content switching technology which is more sensitive. Layer 7 content switching is also known as application switching, request switching, or content based routing.

As an example of layer 7 OSI protocols, consider a user visiting a high traffic website to access dynamic content such as a news feed, static content such as video or images, or the status of an order or other transactional details. During the session, the layer 7 load balancer routes request based on what kind of content is in the requests themselves. This allows requests for media to be routed to servers that are highly optimized to store and serve up multimedia content, for example, and requests for transactional data to be routed to the application server that manages those details.

In this way, layer 7 routing enables application and network architects to create an optimized server infrastructure or application delivery network that scales efficiently to meet demand and is reliable. A layer 7 reverse proxy server also performs layer 7 load balancing.

Benefits of layer 7 load balancing include:

  • CPU intensive Layer 7 load balancing is still less likely to hurt performance than packet based Layer 4 load balancing.
  • Layer 7 load balancing applies optimizations such as encryption and compression to the content and makes smarter load balancing decisions.
  • Layer 7 load balancing improves performance by buffering to offload slow connections from servers upstream.

Does VMware NSX Advanced Load Balancer Offer a Layer 7 Load Balancer?

Yes. The software-defined Load Balancer from the VMware NSX Advanced Load Balancer provides scalable application delivery across L4 and L7 protocols in the networking stack and any infrastructure. The Software Load Balancer delivers performance, speed, and reliability for modern enterprises, forming the backbone of the Platform. Learn more about VMware NSX Advanced Load Balancer’s layer 7 traffic shaping features and layer 7 load balancing configuration.

For more on the actual implementation of load balancers, check out our Application Delivery How-To Videos.