OSI Reference Model
OSI RM: Open Systems Interconnection Reference Model
The OSI reference model has the following advantages:
It simplifies the related network operations;
It provides compatibility and standard interfaces between devices;
It promotes standardization work;
Its structure can be separated;
It is easy to implement and maintain.
Since the 1960s, computer networks have grown rapidly. To dominate the field of data communication networks, the major manufacturers launched their own network architectures and standards, such as IBM's SNA, Novell's IPX/SPX protocol, Apple's AppleTalk protocol, DEC's DECnet, and the widely popular TCP/IP protocol. At the same time, each manufacturer produced different hardware and software for its own protocols. The combined efforts of the manufacturers promoted the rapid development of network technology and the rapid growth in the types of network equipment. However, because multiple protocols coexisted, networks became more and more complex, and network devices from different manufacturers were mostly incompatible and had difficulty communicating.
To solve the network compatibility problem and help manufacturers produce compatible network equipment, ISO proposed the OSI RM (Open Systems Interconnection Reference Model) in 1984. The OSI reference model quickly became the basic model of computer network communication. The following principles were followed in designing the OSI reference model: there is a clear boundary between the layers, and each layer implements a specific function; the division into layers is conducive to developing international standard protocols; the number of layers should be sufficient to avoid duplicating functionality across layers.
Layers one to three of the OSI reference model are usually called the lower layers, also known as the media layers. The lower layers are responsible for transmitting data across the network; network interconnection devices are usually located in the lower three layers, which are implemented in a combination of hardware and software. Layers five to seven of the OSI reference model are called the upper layers, also known as the host layers; they are used to ensure the correct transmission of data and are implemented in software.
OSI seven-layer function:
Because the OSI model and its protocols are complex, they are not widely used.
The TCP/IP (Transmission Control Protocol/Internet Protocol) model has been widely used in practice because of its openness and ease of use, and the TCP/IP protocol stack has become the mainstream protocol of the Internet.
Each layer of the TCP/IP model corresponds to different protocols. The TCP/IP protocol stack is a collection of data communication protocols that contains many protocols. Its name comes from its two most important protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). The TCP/IP protocol stack is responsible for ensuring communication between network devices. It is a set of rules that specify how information is transmitted over the network.
Inter-layer communication and data encapsulation in the TCP/IP model
Each layer of TCP/IP enables data to be transmitted over the network, and the layers use PDUs (protocol data units) to exchange information with each other to ensure communication between network devices.
A. When a TCP header is added to the transport layer data, the PDU is called a segment;
B. The segment is passed to the network layer, and the PDU obtained when the network layer adds the IP header is called a packet;
C. The packet is passed to the data link layer, and the PDU obtained after the data link layer header is added is called a frame;
D. The frame is converted to bits and transmitted over the network media.
Passing data down the protocol stack while adding headers and trailers is called encapsulation. After the data has been encapsulated and transmitted over the network, the receiving device removes the added information and uses the information in the headers to determine how to pass the data up the protocol stack to the appropriate application, a process known as decapsulation. Peer layers on different devices rely on encapsulation and decapsulation to communicate with each other.
Physical layer features:
Specifies the media type, interface type and signaling type;
Specifies the electrical, mechanical, procedural and functional requirements for activating, maintaining and deactivating physical links between end systems;
Specifies characteristics such as voltage levels, data rates, maximum transmission distances, and physical connectors.
The physical layer standards specify the physical medium and the connector used to connect a device to the physical medium.
For example, the common physical layer standards for LANs include the IEEE Ethernet standard 802.3, the token bus standard 802.4, the Token Ring standard 802.5, and the optical fiber standard FDDI (Fiber Distributed Data Interface) developed by the X3T9.5 committee of the American National Standards Institute (ANSI). The common physical layer standards for WANs include the common physical layer interface standard EIA/TIA-232 (i.e. RS-232) developed by the Electronic Industries Association and the Telecommunications Industry Association (EIA/TIA), the serial line interface standards V.24 and V.35 developed by the International Telecommunication Union (ITU), and the standard G.703 on the physical and electrical characteristics of various digital interfaces.
Physical layer media and physical layer devices:
Physical layer Media:
Coaxial cable
Twisted pair
Optical fiber
Radio waves (wireless radio)
Coaxial cable is an early transmission medium. There are two coaxial cable standards, 10BASE2 and 10BASE5. Both standards support a 10 Mbps transmission rate, with maximum transmission distances of 185 meters and 500 meters respectively. The coaxial cables used for 10BASE5 and 10BASE2 have diameters of 9.5 mm and 5 mm respectively, so the former is also known as thick cable and the latter as thin cable. In general, 10BASE2 coaxial cable uses a BNC connector, and 10BASE5 coaxial cable uses an N-type connector. A 10 Mbps transmission rate can no longer meet the requirements of today's enterprise networks, so coaxial cable is seldom used in them.
Twisted pair
Twisted pair uses pairs of insulated metal conductors twisted around each other to resist part of the external electromagnetic interference. Two insulated copper conductors are twisted together at a certain density to reduce signal interference: the radio waves radiated by each wire during transmission are cancelled by those radiated by the other wire, which is where the name "twisted pair" comes from.
Twisted pair has a lower manufacturing and deployment cost than coaxial cable and is therefore widely used in enterprise networks. Twisted pair can be divided into shielded twisted pair (STP) and unshielded twisted pair (UTP). Shielded twisted pair has a metal shielding layer between the twisted pairs and the outer insulating jacket, which shields against electromagnetic interference.
There are many types of twisted pair, and the transmission rates supported by different types are generally not the same. For example, Category 3 twisted pair supports a 10 Mbps transmission rate; Category 5 twisted pair supports a 100 Mbps transmission rate, which meets the Fast Ethernet standard; Category 5e and higher categories of twisted pair support Gigabit Ethernet transmission.
Twisted pair wire order:
568A wire order:
1-green/white, 2-green, 3-orange/white, 4-blue, 5-blue/white, 6-orange, 7-brown/white, 8-brown
568B wire order:
1-orange/white, 2-orange, 3-green/white, 4-blue, 5-blue/white, 6-green, 7-brown/white, 8-brown
Depending on the devices connected at each end, network cables are divided into two kinds: straight-through cables (parallel cables) and crossover cables.
A straight-through (parallel) cable is made according to the 568A or 568B standard described above, that is, with the same wire order at both ends of the twisted pair. The 568A wire order is not commonly used; the 568B wire order is the one mainly used.
One end of a crossover cable keeps the original wire order, and the other end swaps 1 with 3 and 2 with 5.
Use of straight-through and crossover cables:
1. Devices of the same type are connected with a crossover cable; devices of different types are connected with a straight-through cable;
2. Routers and PCs are DTE (data terminal equipment) devices; switches and hubs are DCE (data circuit-terminating equipment) devices.
Twisted pair and coaxial cable use electrical signals to transmit data, while optical fiber uses optical signals. The transmission rates supported by optical fiber include 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps, or even higher. According to the mode in which it transmits optical signals, fiber can be divided into single-mode fiber and multimode fiber. Single-mode fiber can transmit only one mode of light and has no intermodal dispersion, so it is suitable for long-distance transmission. Multimode fiber allows different modes of light to be transmitted on a single fiber; because of the large intermodal dispersion, signal pulse broadening is severe, so multimode fiber is mainly used for short-distance transmission in local area networks. There are many types of fiber optic connector; commonly used ones include ST, FC, SC and LC connectors.
A variety of serial cables are often used in network communication. The common serial cable standard is RS-232, which is also a recommended standard. However, the transmission rate of RS-232 is limited and its transmission distance is only 6 meters. Other serial cable standards support longer transmission distances; for example, RS-422 and RS-485 have transmission distances of up to 1200 meters. RS-422 and RS-485 serial cables typically use V.35 connectors, which were phased out in the 1980s but are still used on legacy networks such as Frame Relay and ATM. V.24 is the European version of the RS-232 standard. RS-232 itself does not define a connector standard; the common connector types are DB-9 and DB-25. RS-232 has now gradually been replaced by new standards such as FireWire and USB, and new products and devices widely use the USB standard.
In a 10BASE5 Ethernet, each host uses the same coaxial cable to communicate with the other hosts. The coaxial cable is therefore also called a shared medium, and the corresponding network is called a shared-media network, or simply a shared network. In a shared network, signals collide when different hosts send data at the same time; the method used to solve this problem is Carrier Sense Multiple Access with Collision Detection (CSMA/CD).
The basic working process of CSMA/CD is as follows:
1. The terminal continuously senses the state of the shared line. If the line is idle, it can send data; if the line is not idle, it waits for a period of time and senses again (the delay is determined by the backoff algorithm).
2. If another device sends data at the same time, the data sent by the two devices collides.
3. After detecting a collision, the terminal immediately stops sending its own data and sends a special jam signal to reinforce the collision so that the other stations on the line detect it as early as possible.
4. After detecting a collision, the terminal waits for a period of time before sending the data again (the delay is determined by the backoff algorithm).
The working principle of CSMA/CD can be summed up as: listen before sending, listen while sending, stop on collision, and resend after a random delay.
Physical layer devices: repeaters and hubs
Data Link Layer
The data link layer is divided into the MAC sub-layer and the LLC sub-layer.
MAC sub-layer: Media Access Control sub-layer
The MAC sub-layer is responsible for specifying how data travels over the physical line and for communicating downward with the physical layer. It defines functions such as physical addressing, network topology, line specification, error notification, in-order delivery, and flow control.
LLC sub-layer: Logical Link Control sub-layer
The LLC sub-layer is responsible for identifying the protocol type and encapsulating the data for transmission over the network. The LLC sub-layer performs most of the functions of the data link layer and some functions of the network layer. One example is sending and receiving frames: when sending, it builds the frame from the data to be sent plus the address and the CRC check; when receiving, it takes the frame apart and performs address recognition and the CRC check. It also provides frame sequence control, error control, flow control and other functions. In addition, it performs some network layer functions such as datagrams, virtual circuits, and multiplexing.
Data Link Layer protocol
The Data Link layer protocol specifies how the data link layer frames are encapsulated.
The data link layer protocol commonly used in LANs is the IEEE 802.2 LLC standard.
The commonly used data link layer protocols for WANs are:
HDLC (High-level Data Link Control)
PPP (Point-to-Point Protocol)
FR (Frame Relay)
Data link layer: Ethernet address (MAC address)
The MAC address of a network device is unique worldwide. A MAC address consists of 48 bits, usually written in hexadecimal. The first 6 hexadecimal digits are assigned uniformly by the IEEE to the device manufacturer, and the last 6 hexadecimal digits are assigned by the vendor itself.
Function: Forward packets between different networks
Devices: Routers, layer three switches
Network Layer Protocol
Common network layer protocols are:
IP (Internet Protocol): IP is the most important network layer protocol, and its functions are the main functions of the network layer: first, providing logical addresses; second, providing routing; third, encapsulating and decapsulating packets. The ICMP, ARP and RARP protocols assist IP.
ICMP (Internet Control Message Protocol) is a management protocol that provides information services for IP; ICMP messages are carried in IP packets.
ARP (Address Resolution Protocol) implements the dynamic mapping of IP addresses to hardware addresses, that is, obtaining the corresponding hardware address based on a known IP address.
RARP (Reverse Address Resolution Protocol) implements the dynamic mapping of hardware addresses to IP addresses, that is, obtaining the corresponding IP address based on a known hardware address.
Network Layer Address: The network address uniquely identifies a network device at the network layer.
A network address contains two parts: network ID + host ID (the main content of the next section)
Segment upper-layer data;
Establish an end-to-end connection;
Transfer data from the host at one end to the host at the other end;
Ensure that data is delivered in order, reliably and correctly.
Transport Layer Protocol:
The transport layer protocols are mainly TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
TCP provides a connection-oriented, reliable byte-stream service. Connection-oriented means that two applications that use TCP as the transport layer protocol must establish a TCP connection before exchanging data with each other. TCP provides reliable transmission for upper-layer applications through acknowledgement, checksum verification, and reassembly. However, establishing TCP connections, as well as acknowledgement, checksum verification and the other mechanisms, takes a lot of work and brings a lot of overhead.
UDP provides a simple, datagram-oriented service. UDP does not guarantee reliability, that is, it cannot guarantee that a message reaches its destination. UDP is suitable for applications that care more about transmission efficiency, such as SNMP and RADIUS. SNMP monitors the network and intermittently sends alerts and other messages; if a TCP connection had to be established every time a small amount of information is sent, transmission efficiency would undoubtedly be reduced, so applications that care more about transmission efficiency, such as SNMP and RADIUS, choose UDP as the transport layer protocol. In addition, UDP is suitable for application layer protocols that have their own reliability mechanisms.
Application Layer Features
Provide an interface to users and handle specific applications;
Data encryption, decryption, compression and decompression;
Define the standards for data representation.
Application Layer Protocol
The application layer has many protocols; the following protocols help you use and manage TCP/IP networks:
FTP (File Transfer Protocol): used to transfer stand-alone files, typically in interactive user sessions.
HTTP (Hypertext Transfer Protocol): used to transfer the files that make up the pages on the World Wide Web.
TELNET: remote terminal access. Used to transfer data carrying Telnet control information. It provides a standard way to interact with terminal devices or terminal processes, supporting terminal-to-terminal connections and process-to-process distributed computing communication.
SMTP (Simple Mail Transfer Protocol) and POP3 (Post Office Protocol) are used to send and receive mail.
DNS (Domain Name Server) is a domain name service protocol that provides domain-name-to-IP-address translation and allows decentralized management of domain name resources.
TFTP (Trivial File Transfer Protocol): simple file transfer protocol. Designed for general-purpose, high-throughput file transfers.
RIP (Routing Information Protocol): the protocol routers use to exchange routing information on an IP network.
SNMP (Simple Network Management Protocol): collects network management information and exchanges it between the network management console and network devices such as routers, bridges, and servers.
RADIUS (Remote Authentication Dial In User Service): the dial-in remote authentication protocol, which performs authentication, authorization, and accounting for access users.
Taking TCP or UDP at the transport layer, IP at the network layer and Ethernet at the link layer as an example, the TCP/IP encapsulation process is as follows. User data is encapsulated by the application layer protocol and passed to the transport layer; the transport layer adds the TCP header and passes the result to the network layer; the network layer adds the IP header and passes the result to the data link layer; the data link layer adds the Ethernet frame header and trailer and passes the result to the physical layer; the physical layer sends the data onto the physical line as a bit stream.
TCP protocol Overview:
TCP provides a connection-oriented, reliable service for applications.
The reliability of TCP:
Maximum segment size
Transmission acknowledgement mechanism
Checksum over the header and data
TCP Header Format
TCP uses IP as the network layer protocol, and TCP segments are encapsulated within IP packets. A TCP segment consists of the TCP header and the TCP data.
The TCP header is at most 60 bytes long; without the options field, the normal length is 20 bytes. The TCP header is made up of a number of fields; the common ones are listed here.
16-bit source port number: TCP assigns a source port number to the source application.
16-bit destination port number: the port number of the destination application. Each TCP segment contains the source and destination port numbers, which are used to find the sending and receiving application processes. These two values, together with the source IP address and destination IP address in the IP header, uniquely identify a TCP connection.
32-bit sequence number: identifies the byte stream of data sent from the TCP sender to the TCP receiver.
32-bit acknowledgement number: contains the next sequence number that the end sending the acknowledgement expects to receive. The acknowledgement number is the sequence number of the last successfully received data plus 1.
4-bit header length: the number of 32-bit words in the header. This is why the maximum length of the TCP header is 60 bytes.
16-bit window size: the number of bytes the receiving end expects to receive. Because the field is 16 bits, the maximum window size is 65535 bytes.
16-bit checksum: covers the entire TCP segment, including the TCP header and the TCP data. The value is computed and stored by the sender and verified by the receiver.
TCP three-way handshake (connection establishment) and four-way close (connection termination)
Establishing a TCP connection is a three-way handshake:
1. The requesting side (usually called the client) sends a SYN segment to indicate the server port it wants to connect to, with an initial sequence number of a.
2. The server sends back a SYN segment with sequence number b as the response. It also sets the acknowledgement number to the client's sequence number plus 1 (a+1) to acknowledge the client's SYN segment.
3. The client acknowledges the server's SYN segment with the server's sequence number plus 1 (b+1).
These three segments complete the establishment of the TCP connection.
Establishing a TCP connection takes a three-way handshake; terminating a TCP connection takes a four-way exchange.
1. The requesting side (usually called the client) sends a FIN segment to terminate the connection, with the sequence number set to a.
2. The server responds with an ACK segment whose acknowledgement number is the client's sequence number plus 1 (a+1), acknowledging the client's FIN segment.
3. The server sends a FIN segment to the client (with the sequence number set to b and the acknowledgement number set to a+1).
4. The client returns an acknowledgement segment (acknowledging b+1) as the response.
These four interactions complete the closing of the connection in both directions.
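The a/b arithmetic of the two exchanges above can be checked mechanically against captured segments. The following is an added example, not part of the original page; the Seg record, the function names and the sample values are constructed for illustration, and the modulo covers the wrap-around of the 32-bit sequence number field.

```python
from typing import NamedTuple

MOD = 2 ** 32  # sequence and acknowledgement numbers are 32-bit and wrap


class Seg(NamedTuple):
    sender: str        # "client" or "server"
    flags: frozenset   # e.g. frozenset({"SYN", "ACK"})
    seq: int
    ack: int = 0       # only meaningful when "ACK" is set


def _check(problems, step, seg, sender, flags, ack=None):
    """Append a message for each rule that segment `seg` breaks at `step`."""
    if seg.sender != sender:
        problems.append(f"step {step}: sent by {seg.sender}, expected {sender}")
    missing = set(flags) - seg.flags
    if missing:
        problems.append(f"step {step}: missing flag(s) {sorted(missing)}")
    if ack is not None and seg.ack != ack:
        problems.append(f"step {step}: ack {seg.ack}, expected {ack}")


def check_handshake(segs):
    """Validate SYN(a) -> SYN+ACK(b, ack a+1) -> ACK(ack b+1)."""
    if len(segs) != 3:
        return [f"expected 3 segments, got {len(segs)}"]
    syn, syn_ack, final = segs
    a, b = syn.seq, syn_ack.seq
    problems = []
    _check(problems, 1, syn, "client", {"SYN"})
    if "ACK" in syn.flags:
        problems.append("step 1: the opening SYN must not carry ACK")
    _check(problems, 2, syn_ack, "server", {"SYN", "ACK"}, ack=(a + 1) % MOD)
    _check(problems, 3, final, "client", {"ACK"}, ack=(b + 1) % MOD)
    return problems


def check_teardown(segs):
    """Validate FIN(a) -> ACK(a+1) -> FIN(b, ack a+1) -> ACK(b+1)."""
    if len(segs) != 4:
        return [f"expected 4 segments, got {len(segs)}"]
    fin1, ack1, fin2, ack2 = segs
    a, b = fin1.seq, fin2.seq
    problems = []
    _check(problems, 1, fin1, "client", {"FIN"})
    _check(problems, 2, ack1, "server", {"ACK"}, ack=(a + 1) % MOD)
    _check(problems, 3, fin2, "server", {"FIN", "ACK"}, ack=(a + 1) % MOD)
    _check(problems, 4, ack2, "client", {"ACK"}, ack=(b + 1) % MOD)
    return problems


F = frozenset
# Constructed sample exchanges (a = 1000, b = 5000 for the handshake).
HANDSHAKE = [Seg("client", F({"SYN"}), 1000),
             Seg("server", F({"SYN", "ACK"}), 5000, 1001),
             Seg("client", F({"ACK"}), 1001, 5001)]
TEARDOWN = [Seg("client", F({"FIN"}), 2000),
            Seg("server", F({"ACK"}), 7000, 2001),
            Seg("server", F({"FIN", "ACK"}), 7000, 2001),
            Seg("client", F({"ACK"}), 2001, 7001)]

if __name__ == "__main__":
    print("handshake:", check_handshake(HANDSHAKE) or "ok")
    print("teardown: ", check_teardown(TEARDOWN) or "ok")
```

An empty list means the exchange follows the rules in the text; each string in a non-empty list names the step and the rule that was broken.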
TCP sliding window mechanism:
TCP sliding window technology regulates the data transfer between two hosts by dynamically changing the window size. Each TCP/IP host supports full-duplex data transfer, so TCP has two sliding windows: one for receiving data and the other for sending data. TCP uses positive acknowledgement, in which the acknowledgement number refers to the next expected byte.
The following example, with data sent in one direction only, shows how the sliding window implements flow control. The server sends 4 data segments of 1024 bytes each to the client, the window size of the sender being 4096. The client responds with ACK 4097 and resizes the window to 2048, indicating that the buffer of the client (that is, the receiving side) can handle only 2048 bytes of data. The sending end then changes its transmit rate and sends data segments sized to the 2048 bytes that the receiving end can accept.
UDP Protocol Overview
UDP provides a connectionless service for applications. The source and destination do not need to establish a connection before transmitting data.
There is no need to maintain connection state, send and receive state, and so on, so a server can transmit the same message to multiple clients at the same time.
UDP is suitable for uses that require high transmission efficiency.
UDP Header Format
Both UDP and TCP use IP as the Network layer protocol, and TCP datagrams are encapsulated within an IP packet. Because UDP does not provide reliable transmission like TCP, UDP's message format is relatively simple.
The entire UDP header has the following fields:
16-bit source port number: the source port number assigned to the source application.
16-bit destination port number: the port number of the destination application.
16-bit UDP length: the length in bytes of the UDP header and UDP data. The minimum value of this field is 8.
16-bit UDP checksum: this field provides the same function as the TCP checksum, except that it is optional in UDP.
TCP VS UDP
The network layer receives the TCP data segment of the transport layer and adds the network layer IP header information. The normal IP header has a fixed length of 20 bytes (without the IP option field).
The IP header consists of the following fields. The header length is the number of 32-bit words in the header, including any options. Since it is a 4-bit field, 2^4 = 16; excluding the all-zeros value leaves 15 valid values, the largest of which is 15, meaning the header occupies 15 32-bit words. So 32*15/8 = 60 bytes: the header is at most 60 bytes long.
The version number field indicates the version number of the IP protocol; the current protocol version number is 4. The next-generation IP protocol has a version number of 6.
The 8-bit type of service (TOS) field includes a 3-bit precedence field (COS, class of service), a 4-bit TOS field, and 1 unused bit. The 4 TOS bits represent minimum delay, maximum throughput, maximum reliability, and minimum cost, respectively.
Total length is the length of the entire IP datagram, including the data section. Because the field is 16 bits long, an IP datagram can be up to 65535 bytes long. Although a 65535-byte IP datagram can be delivered, most link layers will fragment it. Also, hosts are not required to receive datagrams larger than 576 bytes. UDP limits user datagram length to 512 bytes, less than 576 bytes. In fact, most implementations today (especially those that support NFS, the Network File System) allow IP datagrams of more than 8192 bytes.
The identification field uniquely identifies each packet sent by the host. Its value is usually incremented by 1 for each message sent.
The time to live (TTL) field sets the number of routers that the packet can pass through. Each time the packet passes through a router, the TTL value is reduced by 1; when the value of the field reaches 0, the packet is discarded.
The protocol field identifies the upper-layer protocol carried in the packet. Similar to a port number, the protocol number is how IP distinguishes upper-layer protocols. The protocol number of TCP is 6 and that of UDP is 17.
The header checksum field holds the checksum of the IP header, used to check the integrity of the packet header.
The source IP address and destination IP address fields identify the IP addresses of the packet's source device and destination device.
The Ethernet header consists of three fields:
DMAC: Represents the destination endpoint MAC address.
SMAC: Represents the source-side MAC address.
Length/Type field: has different meanings depending on its value:
When Length/Type > 1500, it represents the type of the data frame (e.g. the upper-layer protocol type). Common protocol types are:
0x0800 IP packets
0x0806 ARP request/response messages
0x8035 RARP request/response messages
When Length/Type < 1500, it represents the length of the data frame.
The following packet capture of the Telnet protocol further deepens the understanding of packet encapsulation.
The capture is the TCP three-way handshake when AR1 uses the Telnet protocol to telnet to AR2.
Data link layer encapsulation. Ethernet II framing is used.
DMAC is: 00e0:fc3b:6792
SMAC is: 00e0:fc80:64f3
Type: the field value 0x0800 indicates that the data field encapsulates an IP packet.
Network layer encapsulation. A network layer IP packet is composed of the IP header and the IP data.
The packet is an IPv4 packet.
The header is 20 bytes long.
The protocol field is 0x06, indicating that the data encapsulates a TCP segment.
The source IP address of the data is 22.214.171.124, the destination IP address is 126.96.36.199
Transport layer encapsulation. The transport layer uses the TCP protocol.
The source port number is the random port number 49895; the destination port number is 23, the well-known port number of the Telnet protocol.
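The walkthrough above can be reproduced in code. The following decoder is an added example, not part of the original page: it strips the Ethernet II, IPv4 and TCP headers in turn (decapsulation) and verifies the IP header checksum. The sample frame is constructed from the addresses and ports quoted above; its sequence number, TTL, window and identification values are made up.

```python
import socket
import struct

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fmt_mac(raw: bytes) -> str:
    """Format a MAC address in the xxxx:xxxx:xxxx notation used on this page."""
    h = raw.hex()
    return ":".join(h[i:i + 4] for i in (0, 4, 8))


def build_sample_frame() -> bytes:
    """Constructed SYN frame; seq, TTL, window and IP id are made-up values."""
    tcp = struct.pack("!HHIIBBHHH", 49895, 23, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 255, 6, 0,
                     socket.inet_aton("22.214.171.124"),
                     socket.inet_aton("126.96.36.199"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("00e0fc3b6792" "00e0fc8064f3") + struct.pack("!H", 0x0800)
    return eth + ip + tcp   # TCP checksum left at 0: it is not verified here


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP, stopping at the first unknown layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    length_type = struct.unpack("!H", frame[12:14])[0]
    out = {"dmac": fmt_mac(frame[0:6]), "smac": fmt_mac(frame[6:12]),
           "length_type": length_type}
    # Page's rule: above 1500 the field is a type, otherwise a length.
    # IEEE 802.3 assigns type values from 0x0600 (1536) upward.
    if length_type <= 1500:
        out["framing"] = "802.3 (field is a length)"
        return out
    out["framing"] = "Ethernet II (field is a type)"
    if length_type != 0x0800:            # not IPv4: stop at layer 2
        return out

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4   # 4-bit count of 32-bit words
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    total_len, ident, _frag, ttl, proto, _csum = struct.unpack("!HHHBBH", ip[2:12])
    if total_len < ihl or total_len > len(ip):
        raise ValueError("IPv4 total length does not fit the frame")
    out["ip"] = {"version": version, "header_len": ihl, "total_len": total_len,
                 "id": ident, "ttl": ttl, "protocol": proto,
                 "src": socket.inet_ntoa(ip[12:16]),
                 "dst": socket.inet_ntoa(ip[16:20]),
                 # Summing a header that holds a correct checksum yields 0.
                 "checksum_ok": inet_checksum(ip[:ihl]) == 0}
    if proto != 6:                       # 6 = TCP, 17 = UDP
        return out

    tcp = ip[ihl:total_len]              # slicing by total_len drops padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, window, _c, _u = struct.unpack(
        "!HHIIBBHHH", tcp[:20])
    tcp_hlen = (off >> 4) * 4
    if tcp_hlen < 20 or tcp_hlen > len(tcp):
        raise ValueError("bad TCP header length")
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                  "header_len": tcp_hlen, "window": window,
                  "flags": [name for bit, name in TCP_FLAGS if flags & bit],
                  "payload_len": len(tcp) - tcp_hlen}
    return out


if __name__ == "__main__":
    for layer, fields in decode_frame(build_sample_frame()).items():
        print(layer, fields)
```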
Common default port numbers
Network layer --- the packet format has a very important field called the protocol number. For example, if the transport layer uses a TCP connection, the protocol number in the network layer IP packet has the value 6; if it is UDP, the value is 17 --- transport layer.
Transport layer --- linked through an interface (the interface field is called the port) --- application layer.
Use netstat -an to view the port numbers that are open on the machine.
The following ports are commonly used by proxy servers:
HTTP proxy servers: common port numbers 80/8080/3128/8081/9080
SOCKS proxy servers: common port number 1080
FTP (File Transfer Protocol) proxy servers: common port number 21
Telnet (remote login protocol) proxy servers: common port number 23
HTTP server: the default port number is 80/tcp (the Trojan Executor opens this port)
HTTPS (securely transferring web pages) server: the default port number is 443/tcp 443/udp
Telnet (unsecured text transfer): the default port number is 23/tcp (port opened by the Trojan Tiny Telnet Server)
FTP: the default port number is 21/tcp (port opened by the Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner)
TFTP (Trivial File Transfer Protocol): the default port number is 69/udp
SSH (secure login), SCP (file transfer), port redirection: the default port number is 22/tcp
SMTP (Simple Mail Transfer Protocol, e-mail): the default port number is 25/tcp (the Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port)
POP3 (Post Office Protocol, e-mail): the default port number is 110/tcp
WebLogic: the default port number is 7001
WebSphere application: the default port number is 9080
WebSphere management tool: the default port number is 9090
JBoss: the default port number is 8080
Tomcat: the default port number is 8080
WIN2003 remote login: the default port number is 3389
Symantec AV/Filter for MSE: the default port number is 8081
Oracle Database: the default port number is 1521
Oracle EMCTL: the default port number is 1158
Oracle XDB (XML database): the default port number is 8080
Oracle XDB FTP service: the default port number is 2100
MS SQL Server database server: the default port number is 1433/tcp 1433/udp
MS SQL Server database monitor: the default port number is 1434/tcp 1434/udp
QQ: the default port number is 1080/udp
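To put the netstat -an check and the port list together, the following added example (not part of the original page) parses netstat -an output in both the Linux and the Windows column layout, keeps the listening sockets, and labels them with the services listed above. The sample outputs are constructed; marking FTP, TFTP, HTTP, POP3 and SMTP as cleartext alongside Telnet, and assuming TCP for the entries the list gives without a protocol (1521, 3389, 8080), are additions made here.

```python
import re

# (protocol, port) -> service name, taken from the port list above.
PAGE_PORTS = {
    ("tcp", 21): "FTP", ("tcp", 22): "SSH", ("tcp", 23): "Telnet",
    ("tcp", 25): "SMTP", ("udp", 69): "TFTP", ("tcp", 80): "HTTP",
    ("tcp", 110): "POP3", ("tcp", 443): "HTTPS",
    ("tcp", 1433): "MS SQL Server", ("udp", 1434): "MS SQL Server monitor",
    # The list gives no protocol for these three; TCP is assumed.
    ("tcp", 1521): "Oracle Database", ("tcp", 3389): "WIN2003 remote login",
    ("tcp", 8080): "JBoss/Tomcat/Oracle XDB",
}
# Added classification: services that carry credentials or data unencrypted.
CLEARTEXT = {"FTP", "Telnet", "TFTP", "HTTP", "POP3", "SMTP"}

# Constructed sample output, Linux layout (with Recv-Q / Send-Q columns).
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.99:49895        ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:69              0.0.0.0:*
"""
# Constructed sample output, Windows layout.
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    [::]:21                [::]:0                 LISTENING
  UDP    0.0.0.0:1434           *:*
"""


def listening_ports(netstat_text):
    """Return sorted (protocol, port) pairs for sockets that accept traffic."""
    found = set()
    for line in netstat_text.splitlines():
        tok = line.split()
        if not tok or not re.fullmatch(r"(tcp|udp)6?", tok[0].lower()):
            continue                      # banner, header or other socket type
        proto = tok[0].lower().rstrip("6")
        rest = tok[1:]
        if len(rest) >= 2 and rest[0].isdigit() and rest[1].isdigit():
            rest = rest[2:]               # drop Linux Recv-Q / Send-Q columns
        if len(rest) < 2:
            continue
        local, state = rest[0], (rest[2] if len(rest) > 2 else "")
        port = local.rsplit(":", 1)[-1]   # works for 0.0.0.0:22, :::22, [::]:22
        if not port.isdigit():
            continue
        if proto == "tcp" and not state.upper().startswith("LISTEN"):
            continue                      # established or closing connection
        if proto == "udp" and state:
            continue                      # connected UDP socket, not a listener
        found.add((proto, int(port)))
    return sorted(found)


def audit(netstat_text):
    """Label each listening port with the page's service name and a note."""
    findings = []
    for proto, port in listening_ports(netstat_text):
        service = PAGE_PORTS.get((proto, port), "not in the list above")
        note = "cleartext protocol" if service in CLEARTEXT else ""
        findings.append((f"{port}/{proto}", service, note))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_LINUX, SAMPLE_WINDOWS):
        for finding in audit(sample):
            print(*finding, sep="\t")
```

A port number only suggests the service; anything can listen on any port, so an unexpected listener is confirmed by identifying the owning process, not by the table.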
"Go" TCP/IP protocol stack and OSI reference Model detailed