ラーニングセンターに戻る

What is the Network Layer?

The network layer is layer 3 of the Open Systems Interconnection (OSI) Model.  The network layer is responsible for enabling communication between devices across different networks. Without it, data would not know how to find its way from one device to another across the internet or any other interconnected system.

What is the OSI Model?

Before digging into the network layer and its functions, it’s important to understand the Open Systems Interconnection model (OSI Model). The OSI Model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology. Its goal is the interoperability of diverse communication systems with standard communication protocols. 

In the OSI model, network communication is categorized into 7 different layers, each with its own specific functions. This helps to standardize how different computer systems and applications interact with each other and exchange data. Each layer has a responsibility to perform specific tasks concerning sending and receiving data. All of the layers are needed for a message to reach its destination.

What are the 7 layers of the OSI Model? 

1. Physical Layer. The Physical Layer of the OSI model refers to the physical equipment needed to transfer data -  think of switches and cables. Raw data bits are transferred over these physical mediums.

The physical layer is responsible for establishing a connection between physical devices.

2. Data Link Layer. The Data Link layer of the OSI model refers to the technology used to connect two machines across a network. The data link layer is further divided into two sublayers: the Logical Link Control (LLC) layer - responsible for flow and error control - and the Media Access Control (MAC) layer - responsible for providing access to the physical layer. These two sub-layers are controlled by the Network Interface Card (NIC) to ensure that the delivery of data from one computer node to another is completed successfully.  

In simpler terms, this layer of the OSI model is responsible for maintaining transmission of data between two nodes within the same network segment. 

3. Network Layer. The Network Layer of the OSI model is responsible for enabling the transfer of data from a source host on a network to a destination host on a different network. It enables packet forwarding and routing between different networks, or from one host computer to another. 

The network layer routes data through the fastest (shortest) physical path: think of this like traffic. It works around congestion, service priority, broken links, and many other ‘roadblocks’. Key activities at this layer include routing, forwarding and addressing across networks and connected networks of nodes or machines. 

4. Transport Layer. The Transport Layer of the OSI model is responsible for sending and delivering reliable or ‘correct’ data from one device to another, either through a network or between two networks. In order for a data pack to arrive correctly it must be: in the correct order, with no data losses or errors, and easily recovered.
It is common for the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) to be used at this level.

5. Session Layer. The Session Layer of the OSI model is responsible for managing connections between applications: this includes setting up, coordinating and breaking down these connections. 

The Session Layer helps to establish a link to start a session, authentication efforts to verify senders and receivers, authorization of shared communications, work to maintain sessions once they have been established, and finally termination of the connection upon completion. 

A real life example involves internet traffic: a user might wish to browse a webpage for a short period of time. The activities that occur behind the scenes to establish, authorize, maintain and then terminate this user’s session to their desired webpage are all performed on the Session Layer of the OSI model. 

6. Presentation Layer. The Presentation Layer of the OSI model is responsible for presenting data (packets of code) in a useful and usable format. Data packets flow through networks, often encrypted. When a packet arrives at layer 6, it must be presented in a usable format. 

In this layer, data may be converted, character code might be translated, data might be compressed, and data could be encrypted or decrypted - all activities that help present data in a ‘usable’ format. 

7. Application Layer. The Application Layer of the OSI model involves the way in which a user application (think browser, email, website) interfaces with the network. Layer 7 functions as the essential interface between the applications a user interacts with, and the underlying network its data travels through. 

As the top layer of the OSI model, layer 7 involves data processing just beneath the virtual surface of the applications a user interacts with.  Data is presented in a way that user-facing applications can actually use it. A common example is an HTTP request used to load a webpage.

What does the network layer do?

Now back to the network layer… The network layer of the OSI model is responsible for enabling the transfer of data from a source host on a network to a destination host on a different network. In very simple terms, you can think of the network layer as the ‘postal service’ of the internet - it determines where data (the ‘mail’ of the internet) should go and how it can get there most efficiently. 

The network layer (Layer 3) performs the following:

  • Routing: It determines the best path for data to travel across interconnected networks.

  • Logical Addressing: It assigns IP addresses to devices so they can be identified within a network.

  • Packet Forwarding: It delivers data packets from the source device to the destination device.

  • Fragmentation & Reassembly: It splits large data packets into smaller ones for transmission, then reassembles them at the destination.

Should you worry about network layer security? 

Short answer, yes! The network layer can be a very attractive target for attackers. Because it connects devices globally and can therefore have broad implications when impacted, bad actors may aim to target the network layer in order to:

  • Disrupt communications, with DoS or DDoS attacks.

  • Spoof identities, using IP spoofing techniques.

  • Hijack sessions or redirect traffic.

  • Scan and exploit vulnerable systems.

Securing this layer is crucial because breaches can impact all higher OSI layers, even if appropriate application or transport layer protections are in place.

What are the main security threats at the network layer? 

Denial-of-Service (DoS/DDoS). These attacks flood Layer 3 with massive volumes of packets to overwhelm network resources and ultimately take systems or websites down. 

IP Spoofing. Attackers forge IP addresses to impersonate trusted hosts, bypass access controls, or launch denial-of-service attacks.

Man-in-the-Middle (MitM) Attacks. Bad actors can intercept or alter traffic between two endpoints, often exploiting insecure routing or ARP poisoning (in conjunction with Layer 2).

Route Hijacking and BGP Attacks. Attackers can manipulate routing tables in order to redirect or blackhole traffic.

Packet Sniffing and Traffic Analysis. Without encryption, sensitive data in IP packets can be intercepted.

Fragmentation Attacks. Maliciously fragmented packets can bypass intrusion detection or firewalls.

How Fastly can help keep the network layer secure

Fastly’s AppSec solution suite can help secure your organization’s applications across all layers of the OSI model. We provide multi-layered protection that keeps you secure from the network layer to the application layer. 

Fastly’s AppSec offerings include: 

Fastly CDN: We’ve built security into the fabric of our platform. Fastly's real-time log streaming offers instant visibility into traffic, performance, threats, and troubleshooting. 

Fastly Next-Gen WAF: The Fastly Next-Gen WAF provides advanced protection for your applications, APIs, and microservices, wherever they live, from a single unified solution

API Security: Stop API abuse by monitoring for unexpected values and parameters submitted by endpoints and blocking unauthorized requests. Fastly can detect and block attacks in SOAP, REST, gRPC, WebSockets, and GraphQL APIs.

DDoS Protection: Deploy rapidly and immediately protect against application DDoS attacks. Leveraging our network’s massive bandwidth and adaptive techniques, Fastly DDoS Protection automatically keeps you performant and available without any required configuration.

Bot Management:  Fastly Bot Management quickly identifies and mitigates unwanted bot activity, protecting your applications against a variety of automated attacks.

Enhance your network layer security. Explore Fastly's AppSec solutions today.

Learn about Fastly’s Security offerings.

詳細

Fastly
© Fastly 2025