[AWS] Basic Networking

It is important to understand basic network concepts to understand how cloud services work.

Network Performance

  • Bandwidth is the rate of data transfer for a fixed period of time measured in bps (bit per second such as 1Gbps).
  • Latency is the amount of time it takes to send data from one point to another measured in time duration (microseconds or milliseconds).

Network Models

OSI and TCP/IP models are conceptual models. So they do not match with real-world applications or protocols. Some protocols or applications span multiple layers.

OSI (Open Systems Interconnection) Model: 7 Layers

Physical -> Data Link -> Network -> Transport -> Session -> Presentation -> Application

  • Layer 1 (Physical) agrees on how to transmit and receive data in a physical medium; the medium, the voltage, and RF details.
  • Layer 2 (Data Link) adds MAC addresses, which can be used for named communication on the local network.
  • Layer 3 (Network) allows the packets to pass through different networks – Routing.
  • Layer 4 (Transport) adds TCP (reliability) or UDP (Speed)
    • TCP ensured data is transmitted in the correct order and adds error checking.
    • Ports allow different communication to the same host.
  • Layer 5 (Session) adds the concept of sessions between client and server.
  • Layer 6 (Presentation) adds the data conversion, encapsulation, and compression – TLS.
  • Layer 7 (Application) is where protocols (HTTP, SSH, FTP) are added.
Network Layers

TCP vs. UDP vs. ICMP


  • Transmission Control Protocol
  • Layer 4
  • Connection-based, stateful, ensure the successful delivery of data
  • Reliable
  • Web, Email, File Transfer


  • User Datagram Protocol
  • Layer 4
  • Connectionless, stateless, no retransmission delays
  • Faster, Simpler
  • Media Streaming, DNS


  • Internet Control Message Protocol
  • Layer 3
  • Used by network devices to exchange info
    • reporting errors and performing network diagnostics
  • traceroute, ping

IP Addresses – IPv4

A user uses user-friendly domain names to access the network resources. But the machines only understand IP address, which is a set of numbers.

  • IPv4 has four segments (1 byte or 8 bit each: 0~255)
    • 4 bytes (32bit): to
    • or represents all IP address
    • broadcast to all IP addresses (it is generally filtered)
    • localhost or loopback
  • Classes – network part + node part
    • Class A (/8): to 126 networks and 16,777,214 nodes in each
    • Class B (/16): to 16,382 networks and 65,534 nodes in each
    • Class C (/24): to 2,097,150 networks and 254 nodes in each
    • There are 2 reserved networks in each class.
  • Private Network Ranges
    • Class A: to (1 network)
    • Class B: to (16 networks)
    • Class C: to (256 networks)

CIDR (Classless Inter-Domain Routing) is used for more effective allocation and sub-networking.

  • It is a simpler representation of IP address ranges than traditional classes and subnet masks.
  • CIDR is represented as <network>/<prefix>. (e.g.
  • The prefix is the number of bits that the network uses.
  • For example, “” means the first 24 bits are the network part, and the next 8 bits can be used as hosts. In this example, 2^8 – 2 = 254 host addresses are available. (2 addresses are reserved for network and broadcast. Cloud providers usually reserve some more IP addresses.)
    • Class A: -.-.-.-/8
    • Class B: -.-.-.-/16
    • Class C: -.-.-.-/24

IP Addresses – IPv6 in AWS

  • IPv6 is not enabled on EC2 instances by default.
  • IPv6 is not supported by all AWS services.
  • IPv6 is attached to the operating system. IPv4 is not.
  • There is no IPv6 private address. All IPv6 addresses are public.

Switches and Routers

  • Switches: OSI Layer 2 devices – direct communication between machines in a single network (single IP range)
  • Routers: OSI Layer 3 devices – allows inter-network communications

IP Routing

  • Local: Using MAC address (Layer 2)
    • Does not span across networks – No router.
    • Uses Address Resolution Protocol (ARP).
    • L3 packet is created and wrapped in L2 Frames. -> L2 frame is sent to the destination MAC.
  • Known Remote: Uses a router (L3 packet)
    • L3 Packets are not changed.
    • When the destination is not local, the L2 frame (L3 packet in it) is sent to the default gateway (router) -> If the router knows the destination, strips the L2 frame and wrap the L3 packet with a new L2 frame and send it to the destination.
  • Unknown Remote: Routing works the same whether the destination is known or unknown
    • Usually, unchanged packets (L3) being passed through multiple routers (internet); between routers, a new L2 connection is used.
    • The internet uses the Border Gateway Protocol (BGP) to advertise networks among routers.

NAT (Network Address Translation)

  • IPv4 has a limited number of available IP addresses. The private IP addresses are used for internal networks to bypass the issue. But private IP addresses are not routable on the internet.
  • When a machine inside an internal network needs to communicate with the public network, a NAT device translates the private IP address to the public IP address and vice versa.

Proxy Server

  • A proxy server is a gateway between a private network and a public one.
  • A user in a private network accesses the public network through a proxy server, which can support firewalls, filtering, and caching.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s