drinkingbird
Since there has been some confusion recently, figured I'd post a high/medium level summary for any that are interested in knowing more about the differences and networking technology in general.
The further up you go in the "layers" of the OSI model, the more processing power is needed and the more overhead is added.
Starting at the lowest layer:
1. A *traditional* repeater (NOT your AP/Router running in repeater mode, more on that in a second) operates at layer 1 (Physical) and blindly duplicates or "repeats" a signal (electrical, optical, RF, etc). It connects two or more layer 1 segments together into a single one. A multiport repeater is called a Hub. The data type here is going to be raw 1's and 0's and the carrier for them is going to be volts, watts, dB, etc, i.e. "raw" signals. The average home user isn't going to encounter a traditional repeater these days. The most common use for repeaters today is on long fiber or microwave/wireless spans where they simply want to regenerate and amplify a dirty, degraded signal to a fresh new one, but without actually caring about or looking at the data passing through it. Multiple stations on the same Layer 1 segment are known to be in the same Collision Domain.
NOTE - Your router or AP running in repeater mode is a bit more complicated. The most basic (single radio used to connect to the main AP and to clients, cutting your usable bandwidth in half) is going to be somewhere between a traditional repeater and a bridge. I guess you could call it an intelligent repeater. It does not blindly duplicate all wifi signals as that would be a mess, you have to tell it the SSID and password that you want it to repeat and it is aware of and interacts with all the clients connected to it (mostly for collision detection/avoidance since it is half duplex). But at the same time, it doesn't necessarily have to interact with the actual data being passed. On the other hand, a dual radio repeater (i.e. one radio for backhaul and another for clients) is, in most cases, literally just a wireless to wireless bridge.
2. A bridge operates at layer 2 (Data Link) and connects two or more layer 2 devices or segments into one, aka "bridges" them together. A multiport bridge is called a switch. The data type here is frames (ethernet frames being the most common these days) and endpoints are differentiated using MAC/hardware addresses. Instead of blindly duplicating data, it uses MAC addresses or other hardware IDs to send data only where it is needed. Technically a 2 port bridge doesn't need to track hardware IDs, anything that comes in one port goes out the other, and vice versa, but they will still be aware of the MACs connected generally. A modem (even dial up) is a type of bridge. If you have cable or 5G (or fiber with MoCA/coax between ONT and router) then your ISP router is actually a modem, bridge, and router in one unit, and when you run it in "bridge mode" all that means is that you are disabling the router, leaving the modem/bridge active. In reality, it is ALWAYS bridging either way. If you just have a plain modem from them, that's just a bridge (with modem for the ability to convert the signal from say DOCSIS to Ethernet or LTE to Ethernet etc). A bridge can connect identical media types (e.g. an ethernet switch) or disparate ones (e.g. your cable modem coax to ethernet, your fiber ONT converting WDM light waves to copper ethernet, etc). But the conversion and interconnection is always done at layer 2 with some intelligence involved. Multiple stations on the same Layer 2 segment are known to be in the same Broadcast Domain.
Another good example is your Asus router. It is a bridge/switch with a router connected to it (actually it is even more than that, but bear with me). In traditional networking it would be considered a Layer 3 switch, in Linux terms it is a "Brouter". When you run it in AP mode (or media bridge/ethernet bridge mode) that is just a plain bridge, the router portion is simply disabled. When you run it in router mode, it is a bridge and a router in one unit.
3. A router operates at layer 3 (Network) and "routes" traffic between multiple layer 2 networks, separating them into different "broadcast domains" but still allowing communication between them. Layer 3 switches are technically routers, just stripped down versions that can perform much faster due to less support for features and interfaces. The data type here is packets, and endpoints are differentiated using IP addresses. In the case of your home router, the WAN is one L2 segment and the LAN is another, with the router routing traffic between them.
4. Firewalls are mainly layer 4 (Transport) and most routers and even Layer 3 switches are able to do some layer 4 operations (such as port filtering, PAT, etc). Most firewalls/security devices can do some operations at layer 5 and up also.
5. Layers 5-7 are mostly going to be related to client devices and the applications that run on them, not really getting into that here.
Every layer includes the layers below it. For example, a router must operate at layer 3, 2, and 1. It specializes in layer 3 but has to be able to pass things out a physical port, which means it has to encapsulate the layer 3 packet into a layer 2 frame, then the layer 2 frame into a voltage/series of 1s and 0s to feed the physical port. The switch hanging off that router doesn't need to know about anything at layer 3 or IP addressing, and it will specialize in layer 2 operations, then convert the data to voltage to pass out the port.
It can get confusing as the terms are often used somewhat incorrectly. For example, your Asus "router" is actually a full layer 7 computing device. It runs an OS, applications, and also has a hardware bridge/switch and chip based (hardware accelerated software) router in it, plus a firewall capable of doing NAT, etc. But this is a perfect example of how as you move up in the layers, you lose performance. Two devices connected to two LAN ports can easily hit full wire speed with very little CPU impact on the Asus. That same data passing through to the WAN will likely be slower and peg the CPU at 100%. Running applications on it will show the biggest performance limitations as they will rely almost totally on the relatively slow CPU.
To put that another way, on a typical home-oriented "router" the main functions would roughly correspond as:
Layer 1 - Physical - Volts and 1's & 0's - the physical ports and the voltage they put out (and the wifi radios and their RF).
Layer 2 - Data Link - Ethernet Frames - the internal bridge that connects those ports/radios together
Layer 3 - Network - IP Addresses - the internal router that connects the LAN and WAN (and in some cases, guest wifi) together
Layer 4 - Transport - TCP/UDP ports (and other protocols too) - the basic firewall port filtering and NAT'ing, also handles buffering/congestion mitigation so basic QoS happens here too
Layer 5 - Session - Sessions (makes sense right) - connection control (establishing and tearing down connections) and more advanced firewall/application operations such as session and state monitoring/enforcement
Layer 6 - Presentation - Data/Codec (ASCII is one example, there's many others) - Encryption mostly happens here, not much else on the Asus
Layer 7 - Application - "Pictures and Human Readable Text" - Lots happens here, from the Linux OS, to the Web GUI, to advanced QoS, to AiProtection, to scripts, etc etc. Due to the low powered nature of these devices, the OS and code are very stripped down and optimized, and as many functions as possible are assisted or offloaded onto lower layers or dedicated sub-processors/ASICs. For example when you enter a QoS rule in the GUI, that is actually sent down (in most cases) to be handled at layer 4, taking advantage of some hardware acceleration in the network chipset instead of purely relying on the CPU. Layer 7 actually has two definitions, one in the OSI stack and one in the TCP stack. Fairly similar in nature just focused on different aspects.
A final but worthwhile note - the lines between these layers are far more blurry now than when this model was developed. It is now more of a guideline than a rule and it is open to interpretation/opinion (I'm sure there will be a few posts with differing interpretation/opinion on some of the above).
One example is IGMP snooping. IGMP is a layer 3 IP/Router protocol for Multicast. Dumb switches interpret multicast as broadcast making them very inefficient since it essentially turns them into hubs. But to increase efficiency, smart switches have been coded to be able to look into (snoop) the IP/UDP header, see the multicast group info, and make a decision using that knowledge (stopping sending the data to a port that isn't asking for it, and sending it to ports that do ask for it). It can't modify the header, it doesn't even really know what an IP address is (since it is not a Layer 3 router) but it has been given the ability to look at a specific spot for a specific pattern.
Another example is encryption. It can happen as low as Layer 2 (MACsec) or as high as Layer 7 (Password protecting a file). Heck, it technically originated at Layer 1 with morse code and can still be done today (in crude fashion) with modulation and encoding at the physical layer. Remember squiggle porn on cable TV? That was essentially layer 1 encryption. Injecting noise that you could remove with a bandpass filter (or length of coax with a coke can properly placed). But in reality most encryption spans many layers, especially when you consider that you can be on a wifi network with WPA encryption, going over a VPN with IPsec or SSL encryption, and finally hitting a website with SSL/TLS encryption.
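A worked example, added here as an editor's illustration and not part of drinkingbird's post, of two points made above: the top-down encapsulation of a UDP segment into an IPv4 packet into an Ethernet frame (the "every layer includes the layers below it" paragraph), and the difference between a dumb switch that floods multicast like a hub and a snooping switch that peeks at a fixed byte offset in the IP header to pick egress ports (the IGMP snooping paragraph). The switch model is deliberately simplified: the MACs, IPs and port numbers are made-up sample values, IP and UDP checksums are left at zero, an IGMP membership report is stood in for by an `observe_join()` call, and a multicast group nobody has joined is simply not delivered (a real switch would also forward it toward any detected multicast router port).

```python
import socket
import struct

# Added example, not code from the original post. All MACs, IPs, ports
# and the Switch behaviour are constructed, simplified sample values.

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_multicast_mac(mac: str) -> bool:
    # Group bit: least significant bit of the first octet (also set on broadcast).
    return int(mac[:2], 16) & 1 == 1


def ipv4_multicast_mac(group_ip: str) -> str:
    # RFC 1112 mapping: 01:00:5e followed by the low 23 bits of the group address.
    a = socket.inet_aton(group_ip)
    return mac_str(b"\x01\x00\x5e" + bytes([a[1] & 0x7F, a[2], a[3]]))


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    """Encapsulate top-down: UDP segment -> IPv4 packet -> Ethernet II frame."""
    # Layer 4: UDP header; checksum 0 means "not computed" (legal over IPv4).
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Layer 3: 20-byte IPv4 header, no options, header checksum left at 0.
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(udp),   # version/IHL, DSCP/ECN, total length
        0, 0,                     # identification, flags/fragment offset
        64, PROTO_UDP, 0,         # TTL, protocol, header checksum (omitted)
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    # Layer 2: Ethernet header; the switch only ever needs to read this part.
    eth_hdr = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + udp


def parse_eth(frame: bytes):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), ethertype


def peek_ipv4_dst(frame: bytes) -> str:
    # "Snooping": read a fixed spot (14-byte Ethernet header + 16 bytes into IPv4)
    # without doing any routing; the switch still has no notion of subnets.
    return socket.inet_ntoa(frame[30:34])


class Switch:
    def __init__(self, ports, igmp_snooping=False):
        self.ports = list(ports)
        self.snooping = igmp_snooping
        self.mac_table = {}  # learned: source MAC -> ingress port
        self.groups = {}     # snooped: multicast group IP -> ports that joined

    def observe_join(self, group_ip: str, port: int):
        """Stand-in for seeing an IGMP membership report arrive on a port."""
        self.groups.setdefault(group_ip, set()).add(port)

    def forward(self, ingress: int, frame: bytes):
        """Return the egress ports for one frame, learning the source MAC on the way."""
        dst, src, ethertype = parse_eth(frame)
        self.mac_table[src] = ingress
        flood = [p for p in self.ports if p != ingress]
        if dst == BROADCAST_MAC:
            return flood
        if is_multicast_mac(dst):
            if self.snooping and ethertype == ETHERTYPE_IPV4:
                members = self.groups.get(peek_ipv4_dst(frame), set())
                return sorted(members - {ingress})
            return flood  # dumb switch: multicast is treated like broadcast
        out = self.mac_table.get(dst)
        if out is None or out == ingress:
            return flood  # unknown unicast: flood, exactly like a hub would
        return [out]


def demo():
    """Run the scenarios and return the egress decisions for each one."""
    a_mac, b_mac = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed
    sw = Switch(ports=[1, 2, 3, 4], igmp_snooping=True)
    results = {}
    f = build_frame(b_mac, a_mac, "192.0.2.10", "192.0.2.11", 40000, 53, b"query")
    results["unknown_unicast"] = sw.forward(1, f)       # B not learned yet: flood
    f = build_frame(a_mac, b_mac, "192.0.2.11", "192.0.2.10", 53, 40000, b"answer")
    results["learned_unicast"] = sw.forward(2, f)       # A was learned on port 1
    group = "239.1.1.1"
    f = build_frame(ipv4_multicast_mac(group), a_mac, "192.0.2.10", group, 5000, 5000, b"stream")
    results["multicast_dumb"] = Switch(ports=[1, 2, 3, 4]).forward(1, f)
    sw.observe_join(group, 3)
    results["multicast_snooped"] = sw.forward(1, f)     # only the port that joined
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:18s} -> egress ports {ports}")
```

Running it shows the unknown unicast and the dumb-switch multicast both going to every other port, the learned unicast going to a single port, and the snooped multicast going only to the port that joined the group. Note that `peek_ipv4_dst()` trusts the EtherType to tell it where the IP header is and reads a fixed offset; that is exactly the "look at a specific spot for a specific pattern" behaviour described above, and it is also why such shortcuts are brittle against frames that lie about their contents.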