It is important to understand basic network concepts to understand how cloud services work.
Network Performance
- Bandwidth is the rate of data transfer for a period of time.
- measured in bps (bit per second, such as 1 Gbps).
- Latency is the amount of time it takes to send data from one point to another.
- measured in time duration (microseconds or milliseconds).
Network Models
OSI and TCP/IP models are conceptual models. So they do not match with real-world applications or protocols. Some protocols or applications span multiple layers.
OSI (Open Systems Interconnection) Model: 7 Layers
Physical -> Data Link -> Network -> Transport -> Session -> Presentation -> Application
- Layer 1 (Physical) agrees on how to transmit and receive data in a physical medium; the medium, the voltage, and RF details.
- Layer 2 (Data Link) adds MAC (Media Access Control- addresses), which can be used for named communication on the local network.
- Layer 3 (Network) allows the packets to pass through different networks – Routing.
- Layer 4 (Transport) adds TCP (reliability) or UDP (Speed).
- TCP ensured data is transmitted in the correct order and adds error checking.
- Ports allow different communication to the same host.
- Layer 5 (Session) adds the concept of sessions between client and server – Interhost communication.
- Layer 6 (Presentation) adds the data conversion, encapsulation, and compression – SSL, TLS.
- Layer 7 (Application) is where protocols (HTTP, SSH, FTP) are added.
TCP vs. UDP vs. ICMP
TCP
- Transmission Control Protocol
- Layer 4
- Connection-based, stateful, ensure the successful delivery of data
- Reliable
- Web, Email, File Transfer
UDP
- User Datagram Protocol
- Layer 4
- Connectionless, stateless, no retransmission delays
- Faster, Simpler
- Media Streaming, DNS
ICMP
- Internet Control Message Protocol
- Layer 3
- Used by network devices to exchange info
- reporting errors and performing network diagnostics
- used for the following commands:
- traceroute, ping
IP Addresses – IPv4
A user uses user-friendly domain names to access the network resources. But the machines only understand IP address, which is a set of numbers.
- IPv4 has four segments (1 byte or 8 bit each: 0~255)
- 4 bytes (32bit): 0.0.0.0 to 255.255.255.255
- 0.0.0.0 or 0.0.0.0/0: represents all IP address
- 255.255.255.255: broadcast to all IP addresses (it is generally filtered)
- 127.0.0.1: localhost or loopback
- Classes – network part + node (host) part
- Class A (/8): 1.0.0.0 to 126.255.255.255
- 126 networks and 16,777,214 nodes in each
- Class B (/16): 128.0.0.0 to 191.255.255.255
- 16,382 networks and 65,534 nodes in each
- Class C (/24): 192.0.0.0 to 223.255.255.255
- 2,097,150 networks and 254 nodes in each
- There are 2 reserved networks in each class.
- Class A (/8): 1.0.0.0 to 126.255.255.255
CIDR (Classless Inter-Domain Routing) is used for more effective allocation and sub-networking.
- It is a simpler representation of IP address ranges than traditional classes and subnet masks.
- CIDR is represented as <network>/<prefix>. (e.g. 10.0.0.0/24)
- The prefix is the number of bits that the network uses.
- For example, “10.0.2.0/24” means the first 24 bits are the network part, and the next 8 bits can be used as hosts. In this example, 2^8 – 2 = 254 host addresses are available. (2 addresses are reserved for network and broadcast. Cloud providers usually reserve some more IP addresses.)
- Class A: -.-.-.-/8
- Class B: -.-.-.-/16
- Class C: -.-.-.-/24
Private Network Ranges
A private IP address is an IP address used within a private network that is not routable on the public internet.
| Class | Range | CIDR | # of Networks | # of Addresses per Network |
|---|---|---|---|---|
| Class A | 10.0.0.0 to 10.255.255.255 | 10.0.0.0/8 | 1 | 2^24 -2 = 16,777,214 |
| Class B | 172.16.0.0 to 172.31.255.255 | 172.16.0.0/12 | 16 | 2^16 -2 = 65,534 |
| Class C | 192.168.0.0 to 192.168.255.255 | 192.168.0.0/16 | 256 | 2^8 -2 = 254 |
IP Addresses – IPv6 in AWS
- IPv6 is not enabled on EC2 instances by default.
- IPv6 is not supported by all AWS services.
- IPv6 is attached to the operating system. IPv4 is not.
- There is no IPv6 private address. All IPv6 addresses are public.
Switches and Routers
- Switches: OSI Layer 2 devices
- Direct communication between machines in a single network (single IP range)
- Routers: OSI Layer 3 devices
- Allows inter-network communications
IP Routing
- Local: Using MAC address (Layer 2)
- Does not span across networks – No router.
- Uses Address Resolution Protocol (ARP).
- L3 packets are created and wrapped in L2 Frames. -> L2 frame is sent to the destination MAC.
- Known Remote: Uses a router (L3 packet)
- L3 Packets are not changed.
- When the destination is not local, the L2 frame (L3 packet in it) is sent to the default gateway (router) -> If the router knows the destination, the router strips the L2 frame, wraps the L3 packet with a new L2 frame, and sends it to the destination.
- Unknown Remote: Routing works the same whether the destination is known or unknown
- Usually, unchanged packets (L3) being passed through multiple routers (internet); between routers, a new L2 connection is used.
- The internet uses the Border Gateway Protocol (BGP) to advertise networks among routers.
NAT (Network Address Translation)
- IPv4 has a limited number of available IP addresses.
- The private IP addresses are used for internal networks to bypass the issue. But private IP addresses are not routable on the internet.
- When a machine inside an internal network needs to communicate with the public network, a NAT device translates the private IP address to the public IP address and vice versa.
Proxy Server
- A proxy server is a gateway between a private network and a public one.
- A user in a private network accesses the public network through a proxy server, which can support firewalls, filtering, and caching.
Scriptorium 