The Transport Layer: Understanding layer 4 of the OSI Model

I like to think of the transport layer as the layer of the OSI Model that enables more interesting traffic. While we network engineers may love a lot of the simpler uses of the IP protocol and networks in general, we'd all be jobless without the transport layer.

Layer 4 provides for the transparent transfer of data for users, systems, and applications and reliable data transfer services to the upper levels. Since the vast majority of our network traffic is IP-based nowadays, it's probably easiest to think about layer 4 as it relates to IP traffic specifically.

The transport layer controls the reliability of communications through flow control, segmentation, and error control. Two great examples of transport protocols are TCP (as in TCP/IP) and UDP. Understanding the differences between TCP and UDP really helps when troubleshooting and when trying to understand the results from a packet capture. TCP, or the Transmission Control Protocol, is connection oriented. This means that when a TCP conversation occurs a session is established and that session is used to control and ensure the flow of data between. Once the conversation is finished the session is terminated. UDP, or the User Datagram Protocol, is not connection oriented. It's a simpler and in some ways more elegant protocol and data is transferred in a "best effort" type of style vs. the guaranteed delivery with TCP.

Related Stories

Darragh Delaney: Troubleshooting application problems by looking at network traffic

Oftentimes, layers 4-7 can be grouped together and thought of as the application layers. Because we work so much with TCP/IP nowadays, even though TCP/IP is a layer 4 stack I sometimes find myself thinking of it as the application layer. Maybe it's because I tend to associate applications with TCP ports. As a matter of fact, when I started writing this post I titled it "Layer 4 of the OSI Model - understanding the application layer," and then I had to go back and correct myself. Even though this is a common mistake and many folks tend to group these levels, understanding the differences between layers 4-7 of the OSI Model will help to enhance your troubleshooting and design skills.

Layer 4 is also sort of the "hot" layer right now. Years ago, layer 3 was talked about a lot as layer 3 switches were new on the market and in high demand. Today, layer 4 switches are available and application accelerators, WAN accelerators, load balancers, and firewalls all operate at the layer 4 level.  In the case of a WAN accelerator, most operate by first identifying the application via TCP port and then by breaking down, optimizing, and the rebuilding the TCP session as it passes through and between the WAN optimizers.

Last but not least, network management technologies that leverage flow-based network traffic analysis like NetFlow and IPFix leverage the transport layer information including TCP port numbers and session start/stop/duration to identify and measure application traffic.

In a nutshell, while in the old days many network administrators would consider anything above layer 3 to beyond their demarc of responsibility - sagacious network engineers today treat layer 4 and above as well.

Flame on...


Follow me on Twitter

Josh Stephens is Head Geek and VP of Technology at SolarWinds, an IT management software company based in Austin, Texas. He shares network management best practices on SolarWinds’ GeekSpeak and thwack. Follow Josh on Twitter@sw_headgeek and SolarWinds @solarwinds_inc.  

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon