0

I've been learning about client server communication and read that according to OSI there are several layers where protocols are implemented. For example, TCP happens at layer 4 and HTTP at layer 7.

In what layer is GraphQL implemented?

I've been using it "over" HTTP so it seems it should be in layer 8 but it doesn't exist in OSI.

Juan Perez
  • All application protocols are in OSI layer 7, but OSI itself doesn't exist any more, so why anyone should be worrying about, or learning, or teaching, the OSI reference model has been a mystery to me for nearly 30 years. – user207421 Jun 13 '23 at 11:18
  • The OSI model's layers are primarily concerned with lower-level protocols and technologies, such as physical connections, network routing, TCP, data links and session management. While it's not explicitly defined in the OSI model, GraphQL is located at the application layer, which is layer 7. – Byte Ninja Jun 13 '23 at 11:25
  • @user207421 as a self-taught newbie I found many places that explained internet protocols and client-server things often talked about the 7 layers. But yes, it seems it's not something that I should care about – Juan Perez Jun 13 '23 at 13:59
  • Places that talk about Internet protocols should talk about the TCP/IP 5-layer model, not the OSI 7-layer model, which was only ever intended to apply to the OSI protocol suite itself, which came *after* the TCP/IP model, and which is more or less defunct. However unfortunately academia jumped on the OSI bandwagon and have been teaching it to this day. – user207421 Jun 14 '23 at 02:11

1 Answer

4

Although still frequently used as a basis for analysing protocols, the OSI model was intended as a framework for designing protocol stacks. It was designed in the 1980s, before the Internet became the dominant networking system, and long before the invention of HTTP by Tim Berners-Lee et al in the mid-1990s. Its relevance and applicability to current protocols is questionable.

The actual protocol stack in common use is TCP/IP, which was not designed based on those definitions, and doesn't map cleanly to them. In TCP/IP, there is a single "application layer", which corresponds roughly to "the OSI application layer, presentation layer, and most of the session layer" (Wikipedia summary). HTTP is commonly called "layer 7" simply because that's the closest match, but it doesn't explicitly rely on the existence of any layer 5 and 6 protocols, as was envisioned by the OSI model.

Neither definition captures the modern reality that many protocols are layered not directly onto TCP/IP, but onto HTTP. As you say, there is no "layer 8" in the standard OSI model. The use of HTTP is more a matter of pragmatic code reuse than theoretical division of responsibilities.

A similar problem applies to traditional TLS: it sits somewhere in between TCP (transport layer) and HTTP (application layer), but doesn't correspond to the definitions for layer 5 or 6 in the original OSI model. In modern usage, it also negotiates aspects needed by the application layer (e.g. Server Name Indication).

The picture is further muddied by HTTP/3, which bypasses TCP completely, building a new stack on top of UDP and a new protocol called QUIC. QUIC incorporates features that were previously part of TCP, TLS, and HTTP, such as a combined handshake, rather than separately establishing TCP, TLS, and HTTP/2 sessions.

Running GraphQL over HTTP/3 gives you IP -> UDP -> QUIC -> HTTP/3 -> GraphQL, a set of layers with completely different responsibilities to those envisioned by the OSI 40 years ago.

IMSoP
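
The layering the answer describes, as an added example (not part of the original post or of any GraphQL library): a sketch that peels a constructed HTTP/1.1 request down to its GraphQL operation, showing that the HTTP layer looks identical for a read and a write. The host `api.example.test`, the `/graphql` path, the function names and the sample queries are assumptions, and only the first operation in the document is inspected.

```python
import json
import re

# Leading tokens GraphQL ignores: whitespace, commas, BOM, "#" comments.
_IGNORED = re.compile(r"^(?:[\s,\ufeff]|#[^\n]*)*")
_OPERATION = re.compile(r"(query|mutation|subscription)\b\s*([_A-Za-z]\w*)?")

def parse_http_request(raw: bytes):
    """HTTP layer: split an HTTP/1.1 request into method, path, headers, body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if int(headers.get("content-length", "0")) != len(body):
        raise ValueError("body length does not match Content-Length")
    return method, path, headers, body

def graphql_operation(headers: dict, body: bytes):
    """GraphQL layer: read the operation type and name from the JSON payload."""
    if not headers.get("content-type", "").startswith("application/json"):
        raise ValueError("not a JSON-encoded GraphQL request")
    document = _IGNORED.sub("", json.loads(body)["query"])
    if document.startswith("{"):  # shorthand form is always a query
        return "query", None
    match = _OPERATION.match(document)
    if not match:
        raise ValueError("document does not start with an operation")
    return match.group(1), match.group(2)

def build_request(query: str) -> bytes:
    """Constructed sample input: a GraphQL document wrapped in an HTTP POST."""
    body = json.dumps({"query": query}).encode()
    head = ("POST /graphql HTTP/1.1\r\nHost: api.example.test\r\n"
            "Content-Type: application/json\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body

def peel(raw: bytes):
    method, path, headers, body = parse_http_request(raw)
    return (method, path), graphql_operation(headers, body)

if __name__ == "__main__":
    print(peel(build_request("{ user(id: 1) { name } }")))
    print(peel(build_request("mutation Rename { renameUser(id: 1) { id } }")))
```

Anything that inspects only the request line and headers sees the same `POST /graphql` for both requests; the read/write distinction exists only in the body, one layer further up.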